The hidden costs of cybercrime have nearly doubled over the past two years, according to a recent McAfee Security report, “The Hidden Costs of Cybercrime.” Cybercrime cost the global economy $1 trillion USD in 2020, a significant increase compared to the $600 billion USD reported in 2018. McAfee attributes the surge partly to increased reporting of incidents and partly to the increased sophistication of cyberattacks. Over recent years, Corero’s Security Operations Center (SOC) has observed a growing number of automated distributed denial of service (DDoS) attacks leveraging multiple vectors, with the vast majority of these attacks being short in duration and low in volume, designed to avoid detection by legacy DDoS mitigation tools.
What are the hidden costs?
McAfee analysts wrote, “It is no secret that cybercrime can harm public safety, undermine national security, and damage economies. What is less well known are the hidden costs that organizations may not be aware of, such as lost opportunities, wasted resources, and damaged staff morale.” Depending on the organization and the cyberattack, financial costs to an organization can range from a few hundred to millions of dollars. The report states that “The most expensive forms of cybercrime are economic espionage, the theft of intellectual property, financial crime and, increasingly, ransomware. These account for the greatest losses. We estimate that intellectual property (IP) theft and financial crime account for two thirds of monetary losses and pose the greatest threat to companies.”
DDoS may not be the most expensive types of attacks to launch, although they can be very costly, especially when they are combined with a ransom demand. McAfee found that, “When it comes to the impact of ransomware or DoS/DDoS attacks, LOB decision makers seem to lack visibility into their actual impact on their organization, contrasted to the evaluation made by IT executives.” That’s unfortunate, because DDoS attacks are extremely common, and the costs they incur are often significant. Most modern DDoS attacks are not massively high volume , but even small, sub-saturating, attacks can distract cybersecurity analysts from other nefarious attacks, and interrupt the availability of websites, online services and business applications. Any amount of downtime — even a few seconds— can impact online transactions, whether for a gaming service, or a major financial institution.
In an “always-on” world, downtime can damage customer trust, decrease revenue, and tarnish brand reputation. On top of that are the incident response costs: i.e., deploying IT staff to mitigate an attack, assigning support staff to respond to customer complaints, and coordinating PR teams to respond to the public or media. Plus, if an organization relies solely on a cloud scrubbing service to mitigate DDoS attacks, the cost of that on-demand protection is often unplanned for, and can be significant, depending on the duration or frequency of the attacks.
According to the McAfee report, “The financial impact of downtime to any given department in an organization averaged $590,000. For 33% of the respondents, the cost was between $100,000 and $500,000. Not surprisingly, engineering departments experience greater losses averaging $965,000, contrasting sharply with the human resources departments, which suffered losses around $89,000.”
An overwhelming majority of companies experience cyber incidents
How common are cyberattacks? The answer is, extremely common! In fact, of the 1,500 companies that McAfee surveyed, only 4% said that they had not experienced a cyber incident in 2019. Of the 96% that did report a cyber incident, “92% of them said that the biggest non-monetary loss was in productivity. The longest average interruption to operations was 18 hours, averaging more than half a million dollars.”
Too many companies are ill-prepared
McAfee reported that “Amazingly, slightly more than half of the surveyed organization said they do not have plans to both prevent and respond to a cyber incident. Out of the 951 organizations that had a response plan, only 32% said the plan was actually effective.” Considering the high costs of cybercrime, those statistics are both remarkable and alarming.
DDoS solutions are easy
The good news is that although DDoS is common and continues to be increasingly difficult to detect manually, it is relatively simple to deploy solutions that can effectively detect and mitigate these attacks automatically. An ounce of prevention is worth a pound of cure, as the saying goes. Don’t be an easy target; deter cybercriminals by making it as hard as possible for them to overcome your cyber defenses. For DDoS, there are a variety of mitigation solutions to choose from;: 1) on-premises appliances; 2) a hybrid combination of on-premises appliances and a cloud scrubbing center; 3) protection as a service from your Hosting provider or Internet service provider.