The IT and other media are awash with reports and statistics, many of which, on the surface, appear to be quite different or in conflict.
It is useful to understand some of the reasons why.
- Technology suppliers
- Often the statistics and reports come from technology and security providers.
- The statistics usually represent their specific customer base and the sectors they represent, and so the figures can be quite different.
- Attack differences
- Ransomware attacks have different characteristics to other attacks.
- Ransomware attacks have short dwell times
*compared to longer data breach attacks. The attackers like to make quick intrusions, grab what data they can before launching their ransomware extortion attempts. I have seen dwell times that vary between 5 and 11 days. - In the latest IBM Data Breach Report, 2021, the average dwell time for this type of breach is reported as 203 days. Intruders in this type of attack are interested in monitoring what is going on in an organisation and exfiltrating information over time.
- Cost of an attack
- When a cost of an attack is reported, the organisations rarely report what the cost components include, and so you may as well be comparing apples to trucks!
- It is also likely that organisations will not report some items such as “loss of business”, either in $ terms or number of customers they lost because of the disruption to business.
- Trends
- The key things to look out for in reporting are the trends in known activities and the emergence of new trends that might impact an organisation in the future.
* Dwell Time: The time between the occurrence of the breach and when the breach is detected. It is generally, short for ransomware attacks and through mobile devices, and long for organisational systems and databases.
