Cyberonomics
Measuring the true cost of Cybercrime
Shahar Geiger Maor
https://twitter.com/Op_Israel/status/320957190309543938
B
(daily)
Why Measure Cyber Security?
in :
“…Cybercrime Cost is estimated $1 Trillion worldwide”
http://www.whitehouse.gov/video/President-Obama-on-Cybersecurity#transcript
http://www.forbes.com/sites/andygreenberg/ /mcafee-explains-the-dubious-math-behind-its-unscientific- -trillion-data-loss-claim
Risk Landscape (2013)
http://www3.weforum.org/docs/WEF_GlobalRisks_Report_2013.pdf
1.8% of GDP
UK = 27B₤
IL = 4.5B$
The Cost Of Cybercrime in Israel (#1)
https://www.gov.uk/government/publications/the-cost-of-cyber-crime-joint-government-and-industry-
The Cost Of Cybercrime in Israel (#1)
4.5B$
http://www.slideshare.net/jimmyschwarzkopf/stki-summit-2012-israeli-it-market
4.5B$ ~66% of 6.7B$
Why Is Measuring Cyber Security So Problematic?
Too many sources of data
The problems of under-recording and under/over-reporting
Cybercrime surveys (lack of methodology)
Conflicts of interest
Terminology and rhetoric
What to measure? (impact, loss)
http://www.law.leeds.ac.uk/assets/files/staff/FD .pdf
The Costs Of Cybercrime To Society
Defense costs
Indirect losses
Direct losses
Cybercrime Supporting Infra.
Criminal revenue
Cost to society
http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf +customizations
Terrorist’s gain
Vendor revenue
0.19% of GDP
UK = 4.5B₤
IL = 460M$
http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf
The Cost Of Cybercrime in Israel (#2)
460M$
http://mops.gov.il/Documents/Publications/CrimeDamage/CrimeDamageReports/CrimeDamageReport2011.pdf
Total cost of crime in Israel (2012): 4B$
Sex Crimes: 170M$
Murder: 100M$
Fraud + Property: 1,960M$
x2.7
x4.2
23%
Some Insights From An Israeli Security Survey
This survey refers to 2009-2011 (inclusive)
Market average: 2 incidents in 3 years per organization
Market score: ~400 incidents in 2011
An average security incident looks like this:
• Inside factor or known vulnerability/threat
• ~50 working hours per incident
• ~50K$ per incident
http://www.slideshare.net/shaharmaor/information-security-stki-summit-2012shahar-geiger-maor-12059675
The Cost Of Cybercrime in Israel (#3)
20M$
http://hackingdefined.org/opisrael/rss.xml
A Brave New Economic Model
Scope Target Impact Timing Reputation
Economic gains
Government’s Role In Cyber Economic Measurement
Quantitative risk assessment may improve cyber security controls and mitigation.
So:
Regulators should encourage the use of cyber economic measurement tools
One methodology
One focal point
Discreet reporting
Thank You!

Editor's Notes

  1. On April 7, 2013, Israeli websites in Israel and around the world were attacked in an operation that became known as OpIsrael. The attack followed the IDF's Operation "Pillar of Defense" in the Gaza Strip at the end of 2012 and came as a response to Israel's policy in the territories. The cyber operation was preceded by extensive publicity as well as propaganda videos from the Anonymous organization, which led the attack. The organizers of the operation threatened to disconnect the State of Israel from the Internet, and they set a new bar in the battle over public perception and in the relationship between cyber terrorism and a state. During the weeks preceding the attack, a great deal of activity was felt in the local market in anticipation of what was to come. In many organizations, especially those in sectors prone to nationalistically motivated attacks, preparatory meetings were held, preventive measures and improvements to defense systems were carried out, consultations with professional bodies were organized, and intelligence was gathered ahead of the attack. During the attack itself, which lasted throughout the weekend preceding April 7, as well as during that day and the days after it, the targets attacked included websites of companies and organizations of all kinds, public authorities, government ministries, security bodies and any other target that the attackers associated with the State of Israel or with institutions identified with it. http://www.youtube.com/watch?v=q760tsz1Z7M
  2. An example of the issue can be found in a study published in 2009 by McAfee, which estimated the total global damage from illegitimate cyber activity at the imaginary sum of one trillion dollars a year. At the time, this study was used by some administration officials to persuade President Obama to fund the United States' cyber efforts generously. Talk about McAfee's first article and about how they got into trouble with this number: http://news.slashdot.org/story/13/08/19/1522217/mcafee-regrets-flawed-trillion-dollar-cyber-crime-claims http://news.cnet.com/8301-1009_3-57594989-83/cyberattacks-account-for-up-to-$1-trillion-in-global-losses/
  3. The central challenge here is therefore the effective measurement of the cyber world's impact on the economy. But what lies behind the phrase "effective measurement"? A study published in 2010 by Fafinski, Dutton and Margetts of the University of Oxford tried to bring order to the measurement of cybercrime. The study pointed explicitly to some of the main difficulties in collecting reliable information for the measurement:
     • Excess of information sources – in the world we live in there is a huge variety of information sources. In cyber research, too, there are many dozens of international and local bodies dealing with the subject. The main difficulty here is that there is no uniform standard for data quality and no guarantee that the data is correct.
     • Under-recording of cyber incidents – following on from the first point, and ironically, the fear of negative publicity or espionage among organizations that have suffered a cyber incident, the absence of a reporting obligation and the absence of a standard reporting format mean that the inhabitants of the planet as a whole have no reliable picture today of cyber incidents and their cumulative effect on the economy.
     • Cyber surveys – as already mentioned above, there is no recognized methodology for conducting surveys on the damage caused by cyber incidents. In addition, there are almost no surveys that have done comprehensive work to measure this damage. It should be noted that vertical surveys are considered more accurate and can sometimes give a good picture of what is happening in a particular sector. Still, a general picture of a market or a country is not available.
     • Conflicts of interest and biases – many surveys are conducted by parties that have a certain interest in the cybercrime market. Companies that sell products in the field may publish inflated figures in order to convey panic and urgency and to try to persuade customers to buy their products.
     • Language and rhetoric – different populations use different terminology and thereby make it hard for the general public to get a reliable picture of events. A good example is the dramatization that journalists apply to the cyber field in their coverage in the various media. Another example, from Israel, is the sometimes loud discourse led by various elected officials who try to draw public attention to the subject through apocalyptic descriptions and exaggerated imagery.
     http://www.law.leeds.ac.uk/assets/files/staff/FD18.pdf http://main.knesset.gov.il/Activity/committees/Science/News/pages/pr_980_01011900.aspx
  4. The authors of the study propose separating areas for which information and data exist that allow measurement, such as credit card fraud, online banking fraud, various forgeries in music and video and more, from areas for which there is no data at all. For each of the various fraud areas, the source of information that the researchers considered most reliable was chosen, and in this way the full picture was assembled. The researchers relied on a further assumption, that the UK accounts for 5% of total world GDP, in order to convert figures from the global level to the local level and vice versa. All the findings are summarized in the following table: http://data.worldbank.org/country/united-kingdom The bold figures were calculated on the basis of assumptions and studies in each area, while the non-bold figures beside them were calculated according to the UK's relative share of world GDP. According to these data, the cost of cybercrime in the UK stands at about 18.5 billion dollars (0.77% of UK GDP). However, attention should be paid to a very important parameter in the table: the study took into account cost items for tax and welfare fraud, on the understanding that a large part of the interaction between the citizen and the authorities is electronic. Thus, for example, tax fraud is nowadays carried out, in many cases, in computerized systems, and according to this study it should be seen as fraud in a field that is becoming cyber. However, not everyone may agree with this interpretation, since in this example the essence of the offense is not cyber, even though the technical means of committing it is. These two parts contribute about 14 billion dollars to the total cost. If we remove these two items, we see that the total cost of cybercrime in the UK stands at about 4.5 billion (0.19% of UK GDP). If we extrapolate from these data to the Israeli market, we find that 0.19% of Israeli GDP amounts to 460 million dollars. And this, according to this study, is the cost of cybercrime in Israel. The calculation: Israel's GDP (approximately 248 billion $) times 0.19%: 248B*0.19%=460M