Money is a major factor on both sides of cybersecurity: financial consequences shape the choices of adversaries and of the analysts defending against them. The paper focuses on how financial penalties for defenders' mistakes affect the vulnerability of the system. The first mistake the paper discusses is a miss, in which the defender fails to detect an attack that actually occurs. According to the paper, a significant portion of organizations view this type of mistake as a "fireable offense." The second mistake is a false alarm, in which defenders take protective action (for example, making a service unavailable to protect data from a suspected adversary) even though no attack is under way. Many companies were found to penalize employees for this mistake as well, because false alarms cause loss of profit and reputation.
The paper describes an experiment performed to study how penalizing the defenders' mistakes affects the effectiveness of cybersecurity. The experiment shows that these penalties push attackers and defenders away from their Nash-equilibrium strategies. Specifically, when misses were penalized, defenders were more likely to increase their defensive actions, which in turn reduced the attackers' tendency to attempt breaches. On the other hand, when false alarms were penalized, defenders treated a false alarm as costlier than a miss and reduced their defending. As a result, both the number of attacks launched and the number of successful attacks increased. While the experiment is an abstraction of real-world cybersecurity scenarios, it implies that organizations should reevaluate the penalties they impose on misses and false alarms in order to achieve the balance between the two mistakes they actually want.
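The following is an added worked example, not code from the paper or its authors. It models the attacker-defender interaction as a one-shot 2x2 game with assumed, illustrative payoffs (every number in the `Game` class is an assumption chosen only to reproduce the cyclic incentive structure of detect-or-miss versus attack-or-not) and computes the fully mixed Nash equilibrium under three conditions: no penalty, a penalty on misses, and a penalty on false alarms. It shows two things the paragraph alone does not: the direction in which each penalty moves the attacker's equilibrium attack rate, and the textbook fact that in a 2x2 mixed equilibrium each player's mixing probability is set by the *other* player's payoffs, so a penalty applied to the defender changes the attacker's equilibrium attack rate while leaving the defender's own equilibrium defend rate untouched. A change in how often defenders actually defend, as the paper reports, is therefore a departure from what equilibrium predicts.

```python
"""Mixed-strategy Nash equilibrium of a 2x2 attacker/defender game with defender penalties.

Illustrative example: payoffs are assumed, not taken from the paper.
"""
from dataclasses import dataclass
from fractions import Fraction
from typing import List, Optional, Tuple

# Action indices: the attacker chooses the row, the defender chooses the column.
ATTACK, NO_ATTACK = 0, 1
DEFEND, NO_DEFEND = 0, 1


@dataclass(frozen=True)
class Game:
    """Assumed payoff parameters (constructed for this example, not from the paper)."""
    gain: int = 5          # attacker's payoff from an undetected attack (a miss)
    loss: int = 5          # defender's loss from a miss
    catch: int = 2         # defender's benefit from blocking a real attack
    attack_cost: int = 3   # attacker's cost when the attack is blocked
    defend_cost: int = 1   # defender's cost of defending (downtime, lost revenue)
    miss_penalty: int = 0  # organizational penalty charged to the defender for a miss
    fa_penalty: int = 0    # organizational penalty charged to the defender for a false alarm

    def payoffs(self) -> Tuple[List[List[Fraction]], List[List[Fraction]]]:
        """Return (attacker, defender) payoff tables indexed [attacker_action][defender_action]."""
        F = Fraction
        attacker = [
            [F(-self.attack_cost), F(self.gain)],  # attack: blocked / missed
            [F(0), F(0)],                          # no attack: nothing to gain or lose
        ]
        defender = [
            [F(self.catch - self.defend_cost), F(-self.loss - self.miss_penalty)],  # attack: caught / missed
            [F(-self.defend_cost - self.fa_penalty), F(0)],                        # no attack: false alarm / correct rejection
        ]
        return attacker, defender


def pure_equilibria(attacker, defender) -> List[Tuple[int, int]]:
    """All pure-strategy Nash equilibria of a 2x2 bimatrix game, as (row, column) pairs."""
    eqs = []
    for r in (0, 1):
        for c in (0, 1):
            row_ok = attacker[r][c] >= attacker[1 - r][c]  # attacker cannot gain by switching row
            col_ok = defender[r][c] >= defender[r][1 - c]  # defender cannot gain by switching column
            if row_ok and col_ok:
                eqs.append((r, c))
    return eqs


def mixed_equilibrium(attacker, defender) -> Optional[Tuple[Fraction, Fraction]]:
    """Fully mixed Nash equilibrium of a 2x2 bimatrix game from the indifference conditions.

    Returns (p_attack, p_defend), the attacker's probability of ATTACK and the defender's
    probability of DEFEND, or None if no fully mixed equilibrium exists. Each player's mix is
    the one that makes the *other* player indifferent, so p_attack depends only on the
    defender's payoffs and p_defend only on the attacker's.
    """
    D = defender
    denom = D[0][0] - D[1][0] - D[0][1] + D[1][1]
    if denom == 0:
        return None
    p_attack = (D[1][1] - D[1][0]) / denom  # defender indifferent between DEFEND and NO_DEFEND
    A = attacker
    denom = A[0][0] - A[0][1] - A[1][0] + A[1][1]
    if denom == 0:
        return None
    p_defend = (A[1][1] - A[0][1]) / denom  # attacker indifferent between ATTACK and NO_ATTACK
    if not (0 < p_attack < 1 and 0 < p_defend < 1):
        return None
    return p_attack, p_defend


def equilibrium_under_penalties(miss_penalty: int = 0, fa_penalty: int = 0) -> Tuple[Fraction, Fraction]:
    """Equilibrium (p_attack, p_defend) for the assumed game with the given defender penalties."""
    game = Game(miss_penalty=miss_penalty, fa_penalty=fa_penalty)
    attacker, defender = game.payoffs()
    # The assumed payoffs give a cyclic game (no pure equilibrium), so the mixed one is unique.
    assert not pure_equilibria(attacker, defender), "expected no pure-strategy equilibrium"
    eq = mixed_equilibrium(attacker, defender)
    assert eq is not None, "expected a fully mixed equilibrium"
    return eq


if __name__ == "__main__":
    conditions = [("no penalty", {}), ("miss penalized", {"miss_penalty": 3}), ("false alarm penalized", {"fa_penalty": 3})]
    for label, kwargs in conditions:
        p_attack, p_defend = equilibrium_under_penalties(**kwargs)
        print(f"{label:22s} attack rate={float(p_attack):.3f}  defend rate={float(p_defend):.3f}")
```

With the assumed numbers the miss penalty lowers the attacker's equilibrium attack rate (from 1/7 to 1/10) and the false-alarm penalty raises it (to 2/5), matching the direction of the attacker behavior described above, while the defender's equilibrium defend rate stays at 5/8 in all three conditions. The penalty values and payoffs are placeholders; the qualitative result holds for any payoffs that keep the game cyclic.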
Authors:
Maqbool, Zahid ; Aggarwal, Palvi ; Pammi, V S Chandrasekhar ; Dutt, Varun