NASA hacker compensation payment refusal case highlights the high cost of data breach remediation says SecurEnvoy
July 2011 by SecurEnvoy co-founder Steve Watts
Reports that a Romanian hacker has refused to compensate the US government for hacking of various government systems comes as no surprise to Andy Kemshall, the chief technology officer of SecurEnvoy, the multi-factor authentication specialist.
"The case is interesting as the order to reimburse the US government was made in a Romanian court, after prosecutors realised they could not extradite the 27-year-old hacker to stand trial for hacking the servers of NASA, the Department of Energy and the US Navy," said Kemshall.
"But more than anything, the case brings home the very real costs associated with remediating a data breach. It’s not just the cost of mopping up after the hacker(s), but it’s the cost of putting things completely right after the event," he added.
According to the SecurEnvoy CTO, the US government originally claimed that the cost of remediation came to $1.5 million, which is figure few normal people would ever have paid.
They would probably go bankrupt, as it is cheaper in the long run. $240,000 however, is a feasible amount, especially if the person concerned has assets such as a house or a business, he explained.
The case, says Kemshall, should act as a clear warning to anyone involved in IT security management, as it shows the very real costs in solving matters when things go seriously wrong, and an organisation’s IT security is compromised.
It is unlikely that the US government will ever be able to recoup the cost of remediating the various systems breaches caused by the Romanian hacker in the last decade, he explained, but the size of the expenditure involved is almost certainly a lot higher than the cost of deploying effective security to defend the servers concerned.
Good IT security, says Kemshall, is never as expensive as many people think it is - and will always be cheaper than the very real costs of mopping up and making good after a data breach.
"Dr Larry Ponemon, the founder of the Ponemon Institute, has stated many times in his various reports that the real costs of remediating a data breach are very significant. His latest report in March (http://bit.ly/o3EwW6), for example, identified that the cost had reached £1.9 million per incident, a figure that has risen steadily in recent years," he said.
"That figure is 13 per cent up on a year earlier, and was up 18 per cent on a year still earlier. A two million pound price tag on a data breach is a lot of money. It’s a lot cheaper to defend an IT platform," he added.