Speaker: Chris Kanich

Title: Bottom Line Security: Understanding the True Cost of Cybersecurity Attacks


This presentation will highlight recent results that improve our understanding of the true cost of cybercrime. I’ll also show how these results can lead to actionable insights into which attacks we should be spending our finite effort combating. I’ll cover losses due to affiliate fraud, measured in profits lost, both by the platforms and legitimate marketers. I’ll also cover losses incurred due to typosquatting: while typosquatting is perpetrated by thousands upon thousands of domains, the harm caused is not clear. We use a model which quantifies how many visitors legitimate sites lose and how much time end users waste when they visit these sites. Finally, I’ll showcase a tool which quantifies the value of a user’s private data (their account logins), which can motivate better security behavior through a personalized warning regarding how much their account might be worth to cybercriminals.