Just catching up with some reading. This June report on cybercrime might interest some.
The report Net Losses: Estimating the Global Cost of Cybercrime - Economic Impact of Cybercrime II, written by the Center for Strategic and International Studies (CSIS), attempts to put a cost on the effects of cybercrime and cyber espionage by assessing the economic impacts. It discusses the problem of incomplete data, differences between countries and regions, tolerance for cybercrime, and the particular problems of valuing the cost of stolen intellectual property. Appendix B includes some estimates of the size of the vendor market in cybersecurity by product area — buying vendor solutions is not the whole answer of course.
The report mentions how cybercrime produces high returns at low risk and (relatively) low cost for the hackers, and points out the two most common exploitation techniques, which are both surprisingly cheap to undertake:
- Social engineering, where a cybercriminal tricks a user into granting access, and
- Vulnerability exploitation, where a cybercriminal takes advantage of a programming or implementation failure to gain access.
Given the choices organisations and countries have to make about risk acceptance and how much to defend themselves, the authors point out that without adequate awareness of the potential losses or their vulnerability, they will underestimate the risk.
This world-level view may not be so relevant to everyone, but the concepts and some of the data might be of use in your own application risk assessments. The report is fully referenced and also includes some good resources in its bibliography.
Posted on: 19 July 2014 at 18:45 hrs