ROI at Hacker Inc.: How They Make Money, and How To Change the Equation

By Yoram Salinger, CEO of Perception Point

Business is good for hackers. By 2021, according to researchers, returns will have doubled – gaining them $6 trillion, up from $3 trillion in 2015, all coming from the companies they rip off. An AT&T cybersecurity report calls it “the greatest transfer of economic wealth in human history.” Besides this transfer of corporate wealth to the hackers, organizations are spending more than ever to defend themselves. Between 2017 and 2021, a total of some $1 trillion will be spent by top companies on cyber-defense – yet the hackers are still racking up wins.

As in any business, when hackers decide on a mode of attack, it's because they are confident that their attack is going to pay off. Like every firm, “Hacker Inc.” has to decide what investments to make (ie which hacks to develop) and predict ROI on those investments (ie which attacks will pay off the most), while taking into account the competition (other hackers, cyber-defense systems), regulators and law enforcement, among other issues. If they choose a specific form of attack, it's because they believe they will profit from it.

And even if an organization can successfully defend against a specific attack, hackers have a great many alternatives that they can utilize to ensure success - and these alternatives are growing. First, the attack surface itself is widening. Despite the fact that while most attacks still originate via email – 10,000 users equal 10,000 points of entry – new attack alternatives are popping up as organizations take on collaborative work channels like shared drives, messaging, social media, etc. An organization may be well fortified and trained on email safety, but now hackers can easily take the infected files and URLs they’ve already developed and move them across to less secure channels.  

On top of that, there are hundreds of millions of variants of malware. Even if they come across a well-defended victim, hackers just need to make some modifications to their malware code and make it different enough that, for example, an anti-virus system will not recognize the variant or so heavily masked it will trick a sandbox. For hackers, it simply takes persistence and patience, and eventually their efforts will pay off.

Contrast that with the ROI for victims who are spending hundreds of millions to protect themselves – but are still experiencing frequent attacks, and paying the huge expenses caused by subsequent breaches.

The objective of organizations, then, must be to reverse this situation – to ensure that they are getting the most out of their security dollars, while providing hackers with far less opportunity to successfully attack. For that to happen, IT needs to look into how they can leverage moves to the cloud to streamline their security while at the same time making it far more effective and efficient. There are new security solutions today that are designed for the cloud enterprise, as well as the continuously evolving modern threat landscape.

First, IT will need to have an effective security strategy for the new content channels proliferating across the organization. These are essential productivity tools and growing, with some having as many as 20 apps in a single enterprise. According to a recent study, 2/3 of companies have already been attacked via these channels. IT needs to ensure content like files and URLs being shared in these channels are being scanned just as deeply as in email.

But that doesn't mean instituting different solutions for the varied threats – that just increases complications, adds expenses, and creates headaches for IT staff. Rather, IT should seek out holistic solutions that protect email, shared drives, messaging – and anywhere else files or URLs are exchanged. This can greatly simplify the overall architecture, while allowing IT to more efficiently manage the attack surface.

In addition, IT and security vendors alike need to realize that they are fighting an expensive and unwinnable battle by focusing on chasing malware. With 670 million new malware variants in 2017 (+88% YoY) and set to continue growing at the same rate, staying on top of this is impossible. Currently, defenders are spending the majority of their time, resources and money on dealing with this post-mortem analysis, chasing the millions of new malware variants, while also attempting to contain the damage they may do post-breach.

Despite all of the technologies, there is still a lack of visibility into one of the most important phases of a cyber attack - exploitation. Exploit techniques are the root cause of malware variants and, even though there are hundreds of millions of malware, there are only 10-12 different exploit techniques. It is possible to completely eliminate the need for resource intensive malware analysis by investing in technologies that simply stop the exploit. These solutions need to have CPU-level visibility in order to see attacks at their initial stage of execution, before they are able to be masked. Stopping the attack at this stage is essentially preventing attempts before attackers reach the castle walls, and will ultimately save time, hundreds of millions of dollars and resources on incident response, malware analysis and recovery.

There’s no denying that hacking is a very attractive business and, currently, far more profitable and successful than the defense side. But, as enterprises actively embark on productivity, innovation and efficiency measures across the board, security teams now have the opportunity to turn the tables by making smart investments in a new generation of security technologies that will even the playing field and greatly improve their ROI.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about AT&TInc.

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Yoram Salinger

Latest Videos

More videos

Blog Posts