Cybercriminals can execute cyberattack for $34/month with $25,000 ROI, says

Must Read

Moving physical data center to cloud: Here’re key non-negotiables for cloud migration

Any journey from a physical data center to the cloud requires careful thought, education and investment in new capabilities to enable migration to the new environment.

Secure your information & data with password managers

There is a lot of personal or business information online. Secure their vulnerability using password managers, and conduct your business in safety

Here’s how live streaming is gaining ground in India

Live Streaming has made it quite easy to watch sports games in real time and that is why it is gaining ground in India
Tech Observer Desk
Tech Observer Desk covers e-governance, enterprise IT, startups, telecom and consumer electronics.

The attackers can execute a cyber attack for as little as $34 per month compared to the extraordinarily high impact and associated expense, thousands to millions of dollars, incurred by a victimized organization that needs to remediate and recover from it, said a report from .

In its newly released report – Black Market Ecosystem: Estimating the cost of ownership – consulting firm Deloitte estimates that some common criminal businesses can be operated for as little as $34 month and could return $25,000, while others may routinely require nearly $3,800 a month and could return up to $1 million per month.

According to the practice arm of the Deloitte, phish kits continue to be the overall most affordable approach both in terms of low estimate and average cost, while banking trojans are costlier, on average. The report said that a multiple payload campaign, unsurprisingly, is potentially the most expensive criminal business.

The study said that for every category of criminal, a product almost certainly exists which caters to their needs. The cost of these products does not necessarily correlate to the skill level of the threat actors who purchase them. Regardless, all are extraordinarily low cost compared to the resulting impact to the compromised organization.

Also Read | Facebook bug exposed 6.8 million user’s private photos to app developers

“If you haven’t noticed, criminals don’t file tax returns. And while challenging, it’s still important to be able to review and compare these criminal businesses to help identify which exploits are the most affordable and lucrative for them to pursue — both from a cost of entry and routine operations standpoint,” stated Keith Brogan, managed threat services leader for Deloitte cyber risk services, and managing director with Deloitte & Touche LLP.

“There’s a definite correlation to the investment level in terms of a sum cost. You have to spend money to make money even as a criminal,” he added.

The report emphasised that the ingenuity of cyber-criminals practically guarantees that there are always exceptions to the findings, but organizations need to have some level of understanding as to how these incidents are occurring to effectively shift their posture.

The impact of a cyberattack as experienced by the compromised organization is, in many ways, intangible and more difficult to quantify. This includes costs associated with loss of intellectual property (IP) or contracts, operational disruption, credit rating impact, or damage to the value of a trade name. Still, in dollars and cents, it is widely reported that the cost of a data breach is upwards of $4 million to an organization with the potential to cost hundreds of millions even billions of dollars in long-term resulting impact.

Also Read | You should not have these 22 Android Apps on your smartphone: Here’s why?

“In the realm of cyber everywhere, companies will only continue to introduce more digital innovations, which will require them to also continuously adopt and adapt measures commensurate with the growing threats they’ll face,” said Andrew Morrison, strategy, defense and response leader for Deloitte cyber risk services and principal with Deloitte & Touche LLP.

“Cyberattacks are inevitable but the extent of their damage is not. Organizational transformation is needed to reprioritize and refocus investments on mitigating likely outcomes, based on a broad understanding of attackers’ motives and the ability to anticipate high-impact scenarios,” said Morrison.

- Advertisement -
- Advertisement -

Latest in TECH

Budget 2020 strengthens India’s commitment to IT sector: DG STPI Omkar Rai

According DG STPI Omkar Rai, the Finance Minister push of proactive policy measures on emerging technologies such as AI, ML, Data Analytics and Quantum Computing could be a a great catalyst for the Indian IT industry.
- Advertisement - ESDS eNight Cloud Hosting

Related Articles