Toward a Standard Model for the Costs of Cybersecurity Attacks
Technical Report,01 Sep 2018,31 Dec 2019
University of Illinois Chicago United States
Pagination or Media Count:
Our research agenda set out to build a better understanding of the harms caused by cyber attacks at the scale of individual users. To that end, we mined real-time open source intelligence feeds to better characterize the harms that cause users to seek help on the open Internet. These investigations led to a better understanding of the broad distributions of various types of data, monetary, and temporal harm visited upon users. Additionally, a broad understanding of the harmful impact of cybersecurity incidents requires an investigation of how people characterize and cope with these adverse experiences in general. To that end, we conducted semi-structured interviews with 21 individuals who reported a variety of cybersecurity incidents, consequences, and coping mechanisms. We found that the experiences can be characterized along a bounded to fuzzy spectrum. As the majority of current cybersecurity efforts focus on relatively bounded incidents, we make the case that fuzzy incidents deserve similar attention because their harmful impacts are deeper and longer-lasting. Our insight can be applied to improve and personalize the delivery of cybersecurity interventions, and unearthed a potential strategic link between general rather than applied cybersecurity education and cybersecurity best practice adherence.
- Computer Programming and Software
- Computer Systems Management and Standards