Measuring the high costs of web malware.

Author:Guruswamy, Kowsik

Aransomware attack is terrible for consumers, employees and businesses--and you can put a price tag on recovery.

According to FBI's report in April 2016, "Cyber-criminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer servers," as reported by CNN. A typical ransomware might demand a payment of $ 10,000 or more; such as how the Hollywood Presbyterian Medical Center forked over $17,000 in February.

Just as importantly, the costs of recovering from a ransomware or other cyberattack are well understood ... but how much should an organization spend to prevent one in the first place?

CEOs and others accept that they have to invest in cyber-protection. The bad news is that it is difficult to judge if they are spending wisely, not overspending out of fear. The good news is that there are ways to spend smarter, getting a better security posture while also reducing expenditures. Let's get into that shortly, but first, let's look at one of the biggest attack surfaces facing modern businesses: Websites that can deliver malware, including ransomware.

How the web can wreak havoc

Websites are one of the most common malware vectors that can provide the entry point to many other types of hack attacks. Block access to the web, and you've made a dent in overall cybersecurity risks.

There are more than 550 million malware variants, reports AV-TEST, with more than 390,000 new malicious programs being identified every day. There are multiple ways malware gets into an end-user's computer--and from there, the malware might have unfettered access to everything on that computer and other resources on the business network. In many cases the end user did absolutely nothing wrong ... but became infected anyway. Blocking access to these uncategorized sites reduces the chances of malware infection, but introduces a number of problems and hidden costs, such as more help-desk tickets.

The problems with allowing access to uncategorized sites

* Risk: The risk of malware from allowing access to uncategorized sites it significant. A large Fortune 50 financial services institution tasked their security research team to analyze the sources of malware infections for 3 months. Their internal report showed that more than 60% of the infections were from uncategorized sites. These infections are costly given that a large enterprise can spend an average of almost 600 hours each week on malware containment...

To continue reading