Protecting What Really Matters: A Lesson in Hard Cybersecurity Choices

November 16, 2015 • Blog Post • By Tim Beyers, HPE Matter Staff Writer


  • For U.S. businesses, cyber crime-related costs have skyrocketed 82 percent in the last six years
  • Art Wong, SVP and GM of Enterprise Security Services for Hewlett Packard Enterprise, says identifying critical assets, knowing what normal is for your network and addressing any abnormal activity are the best ways to protect against a security breach

Hewlett Packard Enterprise's Art Wong on how perfect protection simply isn't possible

Crime doesn't pay. Tell that to the hackers who've profited handsomely from the ever-increasing numbers of data heists worldwide.


In its latest global study for Hewlett Packard Enterprise, the Ponemon Institute found that the average annualized cost of cyber crime has reached $15 million per organization in the U.S., and $7.7 million per organization globally. That's a 19 percent increase per organization in the U.S. since 2014. Even more alarming, U.S. businesses have seen their cyber crime-related costs skyrocket 82 percent in the six years this study has been conducted.

Misplaced priorities


With costs rising at such a pace year after year, you have to wonder, how can businesses keep up? Even with teams of IT professionals and (relatively) abundant resources in place, some of the world's largest organizations still can't keep cyber crooks from grabbing a treasure trove of digital loot, which costs those businesses millions of dollars along the way.


Art Wong, senior vice president and general manager of Enterprise Security Services for Hewlett Packard Enterprise, isn't surprised. Why? Because businesses tend to spend too much time and resources trying to build walls and block bad guys from getting in and not enough on early detection and monitoring for breaches.


"It's no longer a matter of if you'll get breached. It's a matter of when", says Wong.


He also cites third-party research showing that it takes an average of 205 days to detect a breach. For its part, Ponemon found that it generally takes an average of 46 days to resolve an incident after a breach has been discovered.


The seven year glitch


And yet 46 days may actually be the minimum. An Eastern European gang orchestrated a series of hacks that stole at least 160 million credit and debit card numbers over seven years. The NASDAQ stock market, along with more than a dozen American and international companies, was affected by the breaches, and just four of the companies breached cited combined losses of over $400 million.


However, Wong says it's more than the simple fact that these major corporations were breached. The troubling issue is that hackers were in their systems for so long. "That's where the real damages start to occur", he says.


What's even more concerning is, despite headline-grabbing thefts and the rising cost of cyber crime, only 24 percent of the executives that Wong and his team talk to say they're prepared for an attack.


"That means 76 percent of the enterprises and their executives are not prepared for a cybersecurity breach", Wong says.

So how can they get prepared? Wong argues that IT leaders can accomplish a lot by following these three steps. Along the way, they'll make the hard choices and prioritization decisions needed to protect what really matters in a world where perfect protection simply isn't possible.


  1. Catalog critical assets. Don't blindly commit to defending every email inbox at your company. Instead, ask what data could cause serious damage to your brand, your customers or your partners if it fell into the wrong hands. Once you know, go find out where that data resides and be comprehensive, Wong advises. In one case a company known for handling highly-sensitive information turned to its team for a plan to defend confidential data and found that it was located in way more places than they expected. The company had to rethink its entire approach as a result.
  2. Take a picture of what normal looks like. Wong says that networks - like the human body - exhibit certain normal levels of function. You want to know what normal looks like in your own network. The easiest way to do that is to adopt what's known as a security information and event management (SIEM) platform to monitor what's happening within your enterprise. Think of it as being similar to the hospital equipment that monitors vital signs, but in this case, the patient is a networked digital infrastructure.
  3. Address the outliers. Once you have a clear picture of what normal looks like, Wong suggests you schedule regular assessments through security operations and SIEM to hunt for outliers in the system. Unusual amounts of activity, or activity in an unexpected place, could signal a breach. Wong calls these indicators of compromise, and they're derived from years of studying major breaches.


Finally, Wong says to be diligent and celebrate regulations. "They are your friend. Compliance doesn't equal security, but it ensures at least a minimum level of protection that enterprises need to get to", he argues.


Judging by Ponemon's findings, they can't get there fast enough.