Toward a Standard Model for the Costs of Cybersecurity Attacks
Abstract
Our research agenda set out to build a better understanding of the harms caused by cyber attacks at the scale of individual users. To that end, we mined real-time open source intelligence feeds to better characterize the harms that cause users to seek help on the open Internet. These investigations led to a better understanding of the broad distributions of various types of data, monetary, and temporal harm visited upon users. Additionally, a broad understanding of the harmful impact of cybersecurity incidents requires an investigation of how people characterize and cope with these adverse experiences in general. To that end, we conducted semi-structured interviews with 21 individuals who reported a variety of cybersecurity incidents, consequences, and coping mechanisms. We found that the experiences can be characterized along a bounded to fuzzy spectrum. As the majority of current cybersecurity efforts focus on relatively bounded incidents, we make the case that fuzzy incidents deserve similar attention because their harmful impacts are deeper and longer-lasting. Our insight can be applied to improve and personalize the delivery of cybersecurity interventions, and unearthed a potential strategic link between general (rather than applied) cybersecurity education and cybersecurity best practice adherence.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jul 07, 2020
- Accession Number
- AD1103176
Entities
People
- Christopher Kanich
- Huixin Tian
- Jason Polakis
- Sameer Patil
Organizations
- University of Illinois at Chicago