Transcription
Economic impact of DDoS attacksAbhishtas.abhishta@utwente.nlUniversity of TwenteNovember 14, 2016Abhishta (UT)Economic impact of DDoS attacksNovember 14, 20161 / 11
Contents31DDoS attack as an economicproblem452Research ObjectiveAbhishta (UT)6Influence diagram for a DDoSattackMotivation behind DDoS attacksImpact on stock marketReferencesEconomic impact of DDoS attacksNovember 14, 20162 / 11
DDoS attack as an economic problemDDoS attack as an economic problemAs DDoS attacks result in the unavailability of network resources for theintended user they can lead to economic losses for businesses in variousways. These losses can be both direct and indirect Anderson et al. 2012.Financial damages due to infrastructural downtime, loss of onlinetraffic, paid ransom and customer compensation etc. are accountedas direct losses.Damage to company’s reputation and impact at stock prices etc. areconsidered to be indirect.Threat of DDoS attacks lure companies into investing in protection andinsurance services hence, making it an economic decision for the firms.Abhishta (UT)Economic impact of DDoS attacksNovember 14, 20163 / 11
Research ObjectiveActorsCustomersof VictimAttackerCollateralVictimsTargetedVictimDDoS protectioncompaniesVictimFigure: Interdependencies between the actorsAbhishta (UT)Economic impact of DDoS attacksNovember 14, 20164 / 11
Research ObjectiveResearch ObjectiveTo study and model the impact of the damage caused by DistributedDenial of Service attacks to public/private enterprises and to recommendstrategies for investment so as to minimize this damage.Abhishta (UT)Economic impact of DDoS attacksNovember 14, 20165 / 11
Influence diagram for a DDoS attackInfluence diagram for a DDoS attackFigure below shows the relationship between the various variables thatmight cause in an attack and are likely to effect the losses of the victimfirm.Characterstics of acompanyMotivation ofAttackersCompositionof costsPrevious securitymeasuresLikelihood ofan attackImpact of attackon the companyVulnerability toan attackThreat ofan attackEstimation of monetarydamage to the companyMeasures forenhancing securityFigure: Influence diagram for a DDoS attackAbhishta (UT)Economic impact of DDoS attacksNovember 14, 20166 / 11
Motivation behind DDoS attacksMotivation behind DDoS attacksThe incentives for attackers to use DDoS attacks can be broadly devidedas:Economic incentivesNon-economic incentivesFigure: Motivations behind DDoS attacksAbhishta (UT)Economic impact of DDoS attacksNovember 14, 20167 / 11
Impact on stock marketImpact on stock market: Results1Stock price of the firm does not drop when the customer service isnot affected.2Drop in stock prices was visible in case of ING bank in 2013.3Indication of loss in victim stock prices when critical infrastructure isunder attack.Abhishta (UT)Economic impact of DDoS attacksNovember 14, 20168 / 11
ReferencesReferences IJohn Stewart, Lincoln Stein (2015). WWW Security FAQ: SecuringAgainst Denial of Service Attacks. url:http://www.w3.org/Security/Faq/wwwsf6.html (visited on09/25/2015).Worldwide Infrastructure Security Report, Arbor Networks (2015).Cost of Cyber Crime Study: Global, Ponemon Institute (2015).Anderson, Ross, Chris Barton, B Rainer, Richard Clayton,Michel J G Van Eeten, Michael Levi, Tyler Moore, and Stefan Savage(2012). “Measuring the Cost of Cybercrime”. In: Workshop onEconomics of Information Security.Sauter, Molly (2014). The Coming Swarm. Bloomsbury.Abhishta (UT)Economic impact of DDoS attacksNovember 14, 20169 / 11
ReferencesReferences IIVasudevan, Rangarajan, Z. Morley Mao, Oliver Spatscheck, andJacobus Van Der Merwe (2007). “MIDAS: An impact scale for DDoSattacks”. In: LANMAN 2007 - Proceedings of the 2007 15th IEEEWorkshop on Local and Metropolitan Area Networks.Gordon, Lawrence A., Martin P. Loeb, and Lei Zhou (2011). “The impactof information security breaches : Has there been a downward shift incosts?” In: Journal of Computer Security.Hovav, Anat and John D’Arcy (2003). “Impact of Denial-of-Service attackannouncements on the market value of firms”. In: RISKMANAGEMENT AND INSURANCE REVIEW.Dübendorfer, T., A. Wagner, and B. Plattner (2004). “An economicdamage model for large-scale Internet attacks”. In: IEEE WET-ICE/ES.Gordon, Lawrence A. and Martin P. Loeb (2002). “The economics ofinformation security investment”. In: ACM Transactions on Informationand System Security.Abhishta (UT)Economic impact of DDoS attacksNovember 14, 201610 / 11
ReferencesReferences IIIZhuo, Yueran; Solak, Senay (2015). “Cybersecurity investmentoptimization with risk: Insights for resource allocation”. In: IEOM 2015- 5th International Conference on Industrial Engineering and OperationsManagement, Proceeding.Sauter, Molly (2013). ““LOIC Will Tear Us Apart”: The Impact of ToolDesign and Media Portrayals in the Success of Activist DDOS Attacks”.In: American Behavioral Scientist 57, pp. 983–1007.Abhishta (UT)Economic impact of DDoS attacksNovember 14, 201611 / 11
DDoS attack as an economic problem DDoS attack as an economic problem As DDoS attacks result in the unavailability of network resources for the intended user they can lead to economic losses for businesses in various ways. These losses can be both direct and indirect Anderson et al. 2012. Financial damages due to infrastructural downtime, loss .
