Today’s most damaging cyber attacks are nothing like the “hit and run” attacks of the past. They take place over a period of time and have multiple, distinct phases. Since there are many parallels between a home burglary and a cyber attack, we’ve developed this infographic to help illustrate each phase of an attack, while tracking current worldwide spending on security products that address each phase.
Although the initial breach is only the first step in an attacker’s agenda – just like picking the lock on the front door or getting past the watchdog is simply a burglar’s first move – our research shows that a staggering majority – 97.5 percent – of worldwide security budgets focus solely on keeping intruders out of the network, using everything from endpoint security solutions to identity and access management products to secure messaging tools. But as countless attacks in 2011 alone have shown us, this “walled fortress approach” to network security is outmoded and ineffective: sophisticated, highly motivated attackers will find a way to circumvent even the most advanced perimeter security solutions out there today. In fact, 90 percent of organizations have indicated that they’ve experienced a breach – and industry research shows that each breach costs organizations more than $7 million on average.
Once an organization is breached, the entire focus of activity goes to trying to figure out what was stolen and how. More money – 1.4 percent of worldwide security spending – is allotted to dissecting attacks that have already happened than is spent on monitoring attacks that are still in progress. Worthwhile? Certainly. But your data is already gone.
Once inside your house, a burglar needs to poke around to find your most valuable items – the silver in the dining room and the jewelry in the bedroom – before he can stuff them into a bag and make a run for it. Similarly, once an intruder is inside your network, the attacker still needs to find and package your organization’s critical and sensitive information before the real damage is done. Most often, there is plenty of time between the initial breach of the “front door” and the exfiltration of the data to take proactive steps to stop or minimize the impact of the attack. Despite that, only 1.1 percent of all security budgets is spent “inside the house,” actively watching the attack as it is happening and responding to the intrusion to minimize the impact.
Anyone else see something fundamentally wrong with this picture?