Loading...

Keynote: Devaluing Attack: Disincentivizing Threats Against The Next Billion Devices

5,051 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Apr 20, 2016

by Dino Dai Zovi

Cyberattacks are not like natural disasters or other forces of nature, nor are they like diseases or other autonomously evolving and spreading agents (yet). They are ultimately and fundamentally driven by rational human action. As such, economics is the best way to view attacker and defender strategies. The traditional approach to defense is to raise the cost for your attackers by making attacks as difficult as possible. This, unfortunately, has a tendency to raise costs for the defender and their users too and does not scale well. An alternative and more scalable strategy is to reduce the value to the attacker of a successful attack. What does this look like? This strategy is already in use in many forms around us and we will point out where it is being employed successfully. Does it work? We will examine the phases of an intrusion common to both financially-motivated and state-sponsored attackers in order to show how defenses based on lowering the value versus raising the cost affect both the attacker and defender. Finally, we will explore what this strategy means for the security threats against the next billion devices.

Loading...

When autoplay is enabled, a suggested video will automatically play next.

Up next


to add this to Watch Later

Add to

Loading playlists...