Monthly Archives: February 2016

Flipping the economics of hacker attacks

Larry Ponemon

How much does it cost technically proficient adversaries to conduct successful attacks, and how much do they earn? In Flipping the Economics of Attacks, sponsored by Palo Alto Networks, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.

In this study, we surveyed 304 threat experts in the United States, United Kingdom and Germany. We built this panel of experts based on their participation in Ponemon Institute activities and IT security conferences. They were assured their identity would remain anonymous. Twenty-one percent of respondents say they are very involved, and 79 percent of respondents are involved in the threat community. They are all familiar with present-day hacking methods.

Here are the key findings:

Attackers are opportunistic. Adversaries go after the easiest targets first. They won’t waste time on an attack that will not quickly result in a treasure trove of high-value information, according to 72 percent of respondents. Further, attackers will quit when the targeted company has a strong defense, according to 69 percent of respondents.

Cost and time to plan and execute attacks is decreasing. According to 53 percent of respondents, the total cost of a successful attack has decreased, driving even more attacks across the industry. Similarly, 53 percent of respondents say the time to plan and execute an attack has decreased. Of these 53 percent of respondents who say it takes less time, 67 percent agree the number of known exploits and vulnerabilities has increased, 52 percent agree attacker skills have improved and 46 percent agree hacking tools have improved.

Increased usage of low-cost and effective toolkits drives attacks. Technically proficient attackers are spending an average of $1,367 for specialized toolkits to execute an attack. In the past two years, 63 percent of respondents say their use of hacker tools has increased and 64 percent of respondents say these tools are highly effective.

Time to deter the majority of attacks is less than two days. The longer an organization can keep the attacker from executing a successful attack, the stronger its ability to safeguard its sensitive and confidential information. The inflection point for deterring the majority of attacks is less than two days (40 hours), at which point more than 60 percent of all attackers move on to another target.

Adversaries make less than IT security professionals. On average, attackers earn $28,744 per year in annual compensation, which is about one-quarter of a cybersecurity professional’s average yearly wage.

Organizations with strong defenses take adversaries more than double the time to plan and execute attacks. The average number of hours a technically proficient attacker takes to plan and execute an attack against an organization with a “typical” IT security infrastructure is less than three days (70 hours). However, when the company has an “excellent” IT infrastructure, the time doubles to an average of slightly more than six days (147 hours).

Threat intelligence sharing is considered the most effective measure for preventing attacks. According to respondents, an average of 39 percent of all hacks can be thwarted because the targeted organization engaged in the sharing of threat intelligence with its peers.

Investments in security effectiveness can reduce successful attacks significantly. As an organization strengthens its security effectiveness, its ability to deter attacks increases, as shown in this report.

The following are recommendations to harden organizations against malicious actors:

  • Create a holistic approach to cyber security, which includes focusing on the three important
    components of a security program: people, process and technology.
  • Implement training and awareness programs that educate employees on how to identify and protect their organization from such attacks as phishing.
  • Build a strong security operations team with clear policies in place to respond effectively to
    security incidents.
  • Leverage shared threat intelligence in order to identify and prevent attacks seen by your
  • Invest in next-generation technology, such as threat intelligence sharing, integrated
    security platforms that can prevent attacks, and other advanced security technologies.

Where the presidential candidates stand on Snowden, surveillance

Bob Sullivan

What do the presidential candidates think of domestic intelligence collection — or spying on Americans, depending on your point of view?  What do they think of Ed Snowden?

We haven’t heard a lot about the NSA or Snowden during the noisy campaigns so far, and that’s a shame. That’s because all the air is being sucked out of the conversation by more trivial concerns, such as Donald Trump’s debate schedule.  But all the candidates have spoken about domestic spying and about Snowden.

As we welcome election season proper, here’s a primer on the candidates’ views.

But first, a few notes: The most remarkable item of note is that Sen. Bernie Sanders voted against the original Patriot Act back in 2001 as a member of the House. He’s part of a very select group who did so.

Second, while some candidates have expressed a bit more sympathy for Snowden’s role as whistleblower, they’ve all called for him to face prosecution for treason. Even Sanders.


Marco Rubio

On Snowden: He “sparked conspiracy theories”

From the Atlantic: “We must also distinguish these reasonable concerns from conspiracy theories sparked by Edward Snowden. This man is a traitor who has sought assistance and refuge from some of the world’s most notorious violators of liberty and human rights.”

On domestic surveillance: (The Washington Post) Those who voted for the Freedom Act, like Ted Cruz, put America at risk by making it harder to gather intelligence.

Ted Cruz

On Snowden: His opinion seems to have grown harsher over time

In 2013, he said: “If it is the case that the federal government is seizing millions of personal records about law-abiding citizens, and if it is the case that there are minimal restrictions on accessing or reviewing those records, then I think Mr. Snowden has done a considerable public service by bringing it to light.”

More recently, he said: “Today, we know that Snowden violated federal law, that his actions materially aided terrorists and enemies of the United States, and that he subsequently fled to China and Russia,” he continued. “Under the Constitution, giving aid to our enemies is treason.”

On surveillance: (The Guardian) Cruz has defended his Senate vote for the USA Freedom Act, which clarified the NSA’s metadata telephone records collection program.

Donald Trump

On Snowden: He’s hinted that he’d lead a charge to return and execute Snowden.

“I think he’s a terrible traitor, and you know what we used to do in the good old days when we were a strong country? You know what we used to do to traitors, right?” Trump said on Fox.

On surveillance: “I tend to err on the side of security, I must tell you,” he has said. “I assume when I pick up my telephone people are listening to my conversations anyway, if you want to know the truth… It’s a pretty sad commentary.”

He also said he would be “fine” with restoring provisions of the Patriot Act to allow for the bulk data collection.


Hillary Clinton

On Snowden: He should ‘face the music’

(The Atlantic) “He broke the laws of the United States… He could have been a whistleblower, he could have gotten all the protections of a whistleblower. He chose not to do that. He stole very important information that has fallen into the wrong hands so I think he should not be brought home without facing the music.”

On surveillance:

Clinton voted for both the 2001 Patriot Act and the 2008 FISA Amendments that extended NSA data collection capabilities. More on her views at The Atlantic.

Bernie Sanders

On Snowden: “I think Snowden played a very important role in educating the American public … he did break the law, and I think there should be a penalty to that,” Sanders said. He went on to say that the role Snowden played in educating the public about violations of their civil liberties should be considered before he is sentenced. On the other hand, this mildly Snowden-sympathetic story is posted on Sanders’ Senate webpage.

On surveillance:

Sanders voted against the Patriot Act in 2001 as a member of the House of Representatives. Later, in the Senate, he voted against the 2008 FISA Amendments.