Cybercriminals can execute cyberattack for $34/month with $25,000 ROI, says Deloitte

Must Read

How to choose an effective DDoS mitigation plan

There are several flavours from which to choose when selecting an effective DDoS mitigation strategy. Most enterprises opt for one of the protection flavours (always-on or on-demand)

How tech bolster security of online gaming platforms

The rise of online gaming and is evident throughout the world’s financial capitals with the UK, US, and a few other European nations at the forefront

Explained: The evolving nature of cybersecurity threats

Concerns such as hacking and the presence of computer viruses have existed for decades in one form or another. As technology evolved over the years, so did the cybersecurity  threats themselves.

The attackers can execute a cyber attack for as little as $34 per month compared to the extraordinarily high impact and associated expense, thousands to millions of dollars, incurred by a victimized organization that needs to remediate and recover from it, said a report from .

In its newly released report – Black Market Ecosystem: Estimating the cost of ownership – consulting firm Deloitte estimates that some common criminal businesses can be operated for as little as $34 month and could return $25,000, while others may routinely require nearly $3,800 a month and could return up to $1 million per month.

According to the practice arm of the Deloitte, phish kits continue to be the overall most affordable approach both in terms of low estimate and average cost, while banking trojans are costlier, on average. The report said that a multiple payload campaign, unsurprisingly, is potentially the most expensive criminal business.

The study said that for every category of criminal, a product almost certainly exists which caters to their needs. The cost of these products does not necessarily correlate to the skill level of the threat actors who purchase them. Regardless, all are extraordinarily low cost compared to the resulting impact to the compromised organization.

Also Read | Facebook bug exposed 6.8 million user’s private photos to app developers

“If you haven’t noticed, criminals don’t file tax returns. And while challenging, it’s still important to be able to review and compare these criminal businesses to help identify which exploits are the most affordable and lucrative for them to pursue — both from a cost of entry and routine operations standpoint,” stated Keith Brogan, managed threat services leader for Deloitte cyber risk services, and managing director with Deloitte & Touche LLP.

“There’s a definite correlation to the investment level in terms of a sum cost. You have to spend money to make money even as a criminal,” he added.

The report emphasised that the ingenuity of cyber-criminals practically guarantees that there are always exceptions to the findings, but organizations need to have some level of understanding as to how these incidents are occurring to effectively shift their posture.

The impact of a cyberattack as experienced by the compromised organization is, in many ways, intangible and more difficult to quantify. This includes costs associated with loss of intellectual property (IP) or contracts, operational disruption, credit rating impact, or damage to the value of a trade name. Still, in dollars and cents, it is widely reported that the cost of a is upwards of $4 million to an organization with the potential to cost hundreds of millions even billions of dollars in long-term resulting impact.

Also Read | You should not have these 22 Android Apps on your smartphone: Here’s why?

“In the realm of cyber everywhere, companies will only continue to introduce more digital innovations, which will require them to also continuously adopt and adapt cybersecurity measures commensurate with the growing threats they’ll face,” said Andrew Morrison, strategy, defense and response leader for Deloitte cyber risk services and principal with Deloitte & Touche LLP.

“Cyberattacks are inevitable but the extent of their damage is not. Organizational transformation is needed to reprioritize and refocus investments on mitigating likely outcomes, based on a broad understanding of attackers’ motives and the ability to anticipate high-impact scenarios,” said Morrison.

Subscribe to receive the day's headlines from Tech Observer straight in your inbox

Leave a Reply

*The moderation of comments is automated and not cleared manually by techobserver.in. Embedding of any link and use of abusive or unparliamentary language are prohibited.
- Advertisement -

Latest in TECH

Sapience Analytics signs distribution agreement with Redington

Sapience Analytics and Redington said that they have entered into a distribution agreement where latter will resell the Sapience Vue solution through its network of over 30,000 channel partners, system integrators, and value-added resellers countrywide.
- Advertisement -SAP Hana

Related Articles