Economic impact of DDoS attacks

Abhishta

s.abhishta@utwente.nlUniversity of Twente

November 14, 2016

Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 1 / 11

Contents

1 DDoS attack as an economicproblem

2 Research Objective

3 Influence diagram for a DDoSattack

4 Motivation behind DDoS attacks5 Impact on stock market6 References

Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 2 / 11

DDoS attack as an economic problem

DDoS attack as an economic problem

As DDoS attacks result in the unavailability of network resources for theintended user they can lead to economic losses for businesses in variousways. These losses can be both direct and indirect Anderson et al. 2012.

Financial damages due to infrastructural downtime, loss of onlinetraffic, paid ransom and customer compensation etc. are accountedas direct losses.

Damage to company’s reputation and impact at stock prices etc. areconsidered to be indirect.

Threat of DDoS attacks lure companies into investing in protection andinsurance services hence, making it an economic decision for the firms.

Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 3 / 11

Research Objective

Actors

Customers of Victim

AttackerDDoS protection

companiesTargetedVictim

Collateral Victims

Victim

Figure: Interdependencies between the actors

Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 4 / 11

Research Objective

Research Objective

To study and model the impact of the damage caused by DistributedDenial of Service attacks to public/private enterprises and to recommend

strategies for investment so as to minimize this damage.

Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 5 / 11

Influence diagram for a DDoS attack

Influence diagram for a DDoS attack

Figure below shows the relationship between the various variables thatmight cause in an attack and are likely to effect the losses of the victimfirm.

Characterstics of acompany

Motivation ofAttackers

Likelihood of an attack

Threat of an attack

Compositionof costs

Impact of attackon the company

Estimation of monetary damage to the company

Measures forenhancing security

Vulnerability toan attack

Previous securitymeasures

Figure: Influence diagram for a DDoS attack

Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 6 / 11

Motivation behind DDoS attacks

Motivation behind DDoS attacks

The incentives for attackers to use DDoS attacks can be broadly devidedas:

Economic incentivesNon-economic incentives

Figure: Motivations behind DDoS attacks

Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 7 / 11

Impact on stock market

Impact on stock market: Results

1 Stock price of the firm does not drop when the customer service isnot affected.

2 Drop in stock prices was visible in case of ING bank in 2013.

3 Indication of loss in victim stock prices when critical infrastructure isunder attack.

Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 8 / 11

References

References I

John Stewart, Lincoln Stein (2015). WWW Security FAQ: SecuringAgainst Denial of Service Attacks. url:http://www.w3.org/Security/Faq/wwwsf6.html (visited on09/25/2015).

Worldwide Infrastructure Security Report, Arbor Networks (2015).

Cost of Cyber Crime Study: Global, Ponemon Institute (2015).

Anderson, Ross, Chris Barton, B Rainer, Richard Clayton,Michel J G Van Eeten, Michael Levi, Tyler Moore, and Stefan Savage(2012). “Measuring the Cost of Cybercrime”. In: Workshop onEconomics of Information Security.

Sauter, Molly (2014). The Coming Swarm. Bloomsbury.

Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 9 / 11

References

References II

Vasudevan, Rangarajan, Z. Morley Mao, Oliver Spatscheck, andJacobus Van Der Merwe (2007). “MIDAS: An impact scale for DDoSattacks”. In: LANMAN 2007 - Proceedings of the 2007 15th IEEEWorkshop on Local and Metropolitan Area Networks.

Gordon, Lawrence A., Martin P. Loeb, and Lei Zhou (2011). “The impactof information security breaches : Has there been a downward shift incosts?” In: Journal of Computer Security.

Hovav, Anat and John D’Arcy (2003). “Impact of Denial-of-Service attackannouncements on the market value of firms”. In: RISKMANAGEMENT AND INSURANCE REVIEW.

Dubendorfer, T., A. Wagner, and B. Plattner (2004). “An economicdamage model for large-scale Internet attacks”. In: IEEE WET-ICE/ES.

Gordon, Lawrence A. and Martin P. Loeb (2002). “The economics ofinformation security investment”. In: ACM Transactions on Informationand System Security.

Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 10 / 11

References

References III

Zhuo, Yueran; Solak, Senay (2015). “Cybersecurity investmentoptimization with risk: Insights for resource allocation”. In: IEOM 2015- 5th International Conference on Industrial Engineering and OperationsManagement, Proceeding.

Sauter, Molly (2013). ““LOIC Will Tear Us Apart”: The Impact of ToolDesign and Media Portrayals in the Success of Activist DDOS Attacks”.In: American Behavioral Scientist 57, pp. 983–1007.

Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 11 / 11