Economic impact of DDoS attacks - University of Twente ... · Threat of DDoS attacks lure companies...
Transcript of Economic impact of DDoS attacks - University of Twente ... · Threat of DDoS attacks lure companies...
Economic impact of DDoS attacks
Abhishta
[email protected] of Twente
November 14, 2016
Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 1 / 11
Contents
1 DDoS attack as an economicproblem
2 Research Objective
3 Influence diagram for a DDoSattack
4 Motivation behind DDoS attacks5 Impact on stock market6 References
Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 2 / 11
DDoS attack as an economic problem
DDoS attack as an economic problem
As DDoS attacks result in the unavailability of network resources for theintended user they can lead to economic losses for businesses in variousways. These losses can be both direct and indirect Anderson et al. 2012.
Financial damages due to infrastructural downtime, loss of onlinetraffic, paid ransom and customer compensation etc. are accountedas direct losses.
Damage to company’s reputation and impact at stock prices etc. areconsidered to be indirect.
Threat of DDoS attacks lure companies into investing in protection andinsurance services hence, making it an economic decision for the firms.
Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 3 / 11
Research Objective
Actors
Customers of Victim
AttackerDDoS protection
companiesTargetedVictim
Collateral Victims
Victim
Figure: Interdependencies between the actors
Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 4 / 11
Research Objective
Research Objective
To study and model the impact of the damage caused by DistributedDenial of Service attacks to public/private enterprises and to recommend
strategies for investment so as to minimize this damage.
Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 5 / 11
Influence diagram for a DDoS attack
Influence diagram for a DDoS attack
Figure below shows the relationship between the various variables thatmight cause in an attack and are likely to effect the losses of the victimfirm.
Characterstics of acompany
Motivation ofAttackers
Likelihood of an attack
Threat of an attack
Compositionof costs
Impact of attackon the company
Estimation of monetary damage to the company
Measures forenhancing security
Vulnerability toan attack
Previous securitymeasures
Figure: Influence diagram for a DDoS attack
Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 6 / 11
Motivation behind DDoS attacks
Motivation behind DDoS attacks
The incentives for attackers to use DDoS attacks can be broadly devidedas:
Economic incentivesNon-economic incentives
Figure: Motivations behind DDoS attacks
Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 7 / 11
Impact on stock market
Impact on stock market: Results
1 Stock price of the firm does not drop when the customer service isnot affected.
2 Drop in stock prices was visible in case of ING bank in 2013.
3 Indication of loss in victim stock prices when critical infrastructure isunder attack.
Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 8 / 11
References
References I
John Stewart, Lincoln Stein (2015). WWW Security FAQ: SecuringAgainst Denial of Service Attacks. url:http://www.w3.org/Security/Faq/wwwsf6.html (visited on09/25/2015).
Worldwide Infrastructure Security Report, Arbor Networks (2015).
Cost of Cyber Crime Study: Global, Ponemon Institute (2015).
Anderson, Ross, Chris Barton, B Rainer, Richard Clayton,Michel J G Van Eeten, Michael Levi, Tyler Moore, and Stefan Savage(2012). “Measuring the Cost of Cybercrime”. In: Workshop onEconomics of Information Security.
Sauter, Molly (2014). The Coming Swarm. Bloomsbury.
Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 9 / 11
References
References II
Vasudevan, Rangarajan, Z. Morley Mao, Oliver Spatscheck, andJacobus Van Der Merwe (2007). “MIDAS: An impact scale for DDoSattacks”. In: LANMAN 2007 - Proceedings of the 2007 15th IEEEWorkshop on Local and Metropolitan Area Networks.
Gordon, Lawrence A., Martin P. Loeb, and Lei Zhou (2011). “The impactof information security breaches : Has there been a downward shift incosts?” In: Journal of Computer Security.
Hovav, Anat and John D’Arcy (2003). “Impact of Denial-of-Service attackannouncements on the market value of firms”. In: RISKMANAGEMENT AND INSURANCE REVIEW.
Dubendorfer, T., A. Wagner, and B. Plattner (2004). “An economicdamage model for large-scale Internet attacks”. In: IEEE WET-ICE/ES.
Gordon, Lawrence A. and Martin P. Loeb (2002). “The economics ofinformation security investment”. In: ACM Transactions on Informationand System Security.
Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 10 / 11
References
References III
Zhuo, Yueran; Solak, Senay (2015). “Cybersecurity investmentoptimization with risk: Insights for resource allocation”. In: IEOM 2015- 5th International Conference on Industrial Engineering and OperationsManagement, Proceeding.
Sauter, Molly (2013). ““LOIC Will Tear Us Apart”: The Impact of ToolDesign and Media Portrayals in the Success of Activist DDOS Attacks”.In: American Behavioral Scientist 57, pp. 983–1007.
Abhishta (UT) Economic impact of DDoS attacks November 14, 2016 11 / 11