Cyber attacks are dirt cheap

Deloitte says the cost of committing a cyber attack is so surprisingly low that anyone can afford to be a bad guy. When you picture a cybercriminal organization today, you should be thinking about a group of individuals who run their operations like a business: concerned with profit and loss, and looking for ways to execute as inexpensively as possible while yielding the largest return. But what you don’t necessarily need to have in that vision is an organization with a large cash reserve.

According to Deloitte’s newest report, Black-market ecosystem: Estimating the cost of “Pwnership”, the cost of running a campaign is so low, it’s downright reasonable as a business model for even the smallest cybercriminal business.

Some cyber attack examples from the report include:

  • DDoS attack (single website) – as low as $10/hour
  • Compromised RDP credentials/IP – as low as $5
  • Complete phishing kits – $300
  • Ransomware kits – uses affiliate model, as low as 20% of ransom
  • Remote Access Trojan – as low as $8/month
  • Banking Trojan – as low as $141/month

All of this pricing data – and the tons more found in the report – makes the case that a) some cybercriminals are simply in the business of building evil tools and selling off their use, and b) it’s incredibly cheap for anyone wanting to engage in cyberattacks to do so without incurring a ton of cost up front.

Organizations can no longer rely on simple security measures to protect themselves. Cybercriminal organizations are competing for the purchase of their wares (just like the good guys) – and that means making the most effective and impactful bad guy software possible, improving on it daily.

A layered defense is the solution

To counter the growing onslaught of attacks, organizations need to have a layered defense in place that includes protecting the perimeter (logically speaking, email and web), the endpoint (think AV, endpoint protection, etc.), and the user (with Security Awareness Training). Using a layered defense that includes the user, organizations reduce the risk of the majority of attacks that rely on social engineering (e.g., phishing, vishing, and smishing) to compromise endpoints or users.

Participating in a cyber attack is no longer a cost-prohibitive proposition. So, organizations need to ensure proactive measures are in place to minimize the success of what is sure to be an expanding threat.

Cyber Safety Net is a KnowBe4 partner. Reposted with permission from https://blog.knowbe4.com/its-cheaper-than-you-think-to-launch-a-cyber-attack. Cyber Safety Net – Keeping you safe online. See https://cybersafetynet.net/cyber-security-awareness-training/ to train and strengthen your human firewall. See https://youtu.be/UFpFesrcnvY and https://www.knowbe4.com/security-awareness-training-features/ to learn more.