Everything in today’s society is analytical. Everyone wants to see the numbers associated with every piece of information available. Improvements in technology, namely Big Data, have made dollar amounts, stats and percentages readily available allowing us to measure everything now.
As is the case for cyberattacks. In August, the New York Times had the cost of the Target breach at $148m, not including the drop in earnings on the stock market, or the total cost of the resources the company extended to recover from the hack – incident responders, PR teams etc.
The latest cyberattack to rock the headlines is Sony (again!), which should reach the $100m plateau, but experts are saying it should not exceed the $171m Sony lost due to the Playstation Network hack in 2011; because this current version did not touch customer data. Of course this is way too soon to begin discussing the “true cost” of the breach, the actual measurement will take upwards of six months.
However, “True cost” is a term that is thrown around loosely as it would be almost impossible to gain an understanding of the money lost due to this type of hack. The old saying, “any press is good press,” simply does not apply when it comes to security breaches. As stated above, no customer data was leaked in this most recent case, but how can you put a dollar amount on the nasty headlines that have surfaced as the news of this attack continues to come out? Will Angelina Jolie (and Brad Pitt naturally) refuse to do anymore movies associated with Sony Pictures?
All kidding aside though, these types of attacks have ramifications that reach far beyond dollars lost during the attack and recovery itself. The amount of man-hours companies must put towards their efforts to reclaim their security standards and their brand name cannot be measured. The new products and/or services that organizations bring in to test and solve their security practices, as well as the time focused on these new procedures cannot be measured. Consumers who will choose to shop at Walmart instead of Target, or buy lumber from Lowe’s instead of Home Depot, or play Xbox instead of Playstation simply cannot be added up.
Clearly cyberattacks have become the new norm for all enterprises. Outdated security solutions will only cause more harm than good at this point because attackers can evade them with ease. Bringing in new products can be a pain sure – finding budget, deciding which tools to look at, testing and re-testing them in your environments, getting executive signoff etc. The list goes on. However, what is more important? The time spent bringing in new security products or recovering from a serious data breach? Let’s ask the folks at Sony or Target or Home Depot or eBay or UPS or Dairy Queen...I think that’s a good start.