Home » Fraud Prevention » ID Systems & Services in Fraud Prevention

Cyberattacks: do you know when you’ve been hit?

How can you tell when you've been hit by a cyber attack? It's not always immediately obvious that cybersecurity has been breached but detection and response are critical. Immediate detection reduces the average cost of recovery dramatically – on average from $1.2m to $102,000 for larger companies, according a report by Kasperky Lab. New Threats, New Mindset: Being Risk Ready in a World of Complex Attacks advises to organisations to think ahead, saying that prevention is still the best strategy but that being in a position to identify a breach is extremely important.

The main findings of the report were:

Targeted attacks make conventional approaches to cybersecurity obsolete

Targeted attacks have become one of the fastest growing threats in 2017, increasing in overall prevalence by 6% compared to 2016 and by 11% for enterprises. Comprising of not just common malware, but a unique malicious pattern that cybercriminals are using on organizations, a targeted attack is extremely dangerous for companies that rely solely on conventional approaches to cybersecurity.

Companies are unsure of how to respond to a targeted attack

As there’s no such thing as a common approach to fighting complex threats, businesses are struggling to understand how to deal with targeted attacks, with 42% of respondents admitting that they are unsure of the most effective response strategy. Worryingly, this figure is significantly higher (63%) among respondents who are IT security experts.

Need for more IT security professionals

A lack of IT security experts, especially those with specific knowledge in SOC management, incident response and threat hunting, is aggravating the situation. Half of businesses (50%) admit that they need to hire more experienced IT security professionals and a shortage of internal dedicated staff increases exposure to targeted attacks by 15%.

Reluctance to spend more on security

However, organizations are reluctant to increase their security spend on protection against targeted attacks: 78% of respondents think they are currently spending enough, or even overspending, when it comes to investing in advanced threat defence.

Speed of detection is critical to reduce cost

Meanwhile, there is a clear need for security solutions that go beyond prevention, as speed of detection is critical when it comes to the cost of breaches. When attacks were detected immediately, the average cost of recovery was $63,000 for SMBs and $102,000 for enterprises, compared to $465,000 and $1.2m respectively if detection took more than one week.

Solution involves human expertise

Finally, efficient incident response is not just about technology. To be able to effectively combat complex cyberthreats, organizations need to think about it as a process, not a destination. In addition to the right technologies, the strategy should also involve human expertise (in house or outsourced), incident investigation frameworks, procedures and cost-efficiency planning.

This item appears in the following sections:
Fraud Prevention
ID Systems & Services in Fraud Prevention
Minimizing Fraud Procedures
Minimizing Payment Fraud

Also see


By Paul Stheeman on 6th Nov 2017:

Speed in the detection of a cyberattack is critical as the later the attack is reported to your bank, the less the chance is that the money can be recuperated at all. The general rule of thumb is that anything over 24 hours after the attack will be difficult to recuperate. So it is essential that the control mechanisms can identify an attack more or less immediately.

By Jack Large on 6th Nov 2017:

The report says: “To be able to effectively combat complex cyberthreats, organizations need to think about it as a process, not a destination.” It is only then the speed of reaction will be fast, but another factor is vital in speed of response when a cyber attack hits, is to practice the response. Very few organisations practice what to do when they are hit, yet this is critical in speeding up any response.

Add a comment