Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Systematically understanding the cyber attack business: a survey
Huang K., Siegel M., Madnick S. ACM Computing Surveys51 (4):1-36,2018.Type:Article
Date Reviewed: Oct 19 2018

Cybercrime is a lucrative business with a very positive return on investment. To combat the cybercrime business, it helps to understand how it operates. The authors use the value chain analysis method to find the 24 key activities or processes that drive the cybercrime business, and then structure these into what they call the “cybercriminal service ecosystem framework.” The framework was reviewed by more than 30 experienced business people. It fits on one page--perfect.

The paper’s key diagram organizes the 24 key activities into eight groups, including weapon development and enhancement, delivery, marketplace, and of course the cyber attack itself. Using these services provides agility and little capital expenditure--a modern business approach.

The implication is that a new criminal business only needs an innovative idea and the money to buy the services to execute it, not any hacking skills worth mentioning. Therefore, expect that cybercrime mills will not slow down unless we find ways to put sand in the machines.

The goal is not to help new start-ups in this line of work. The idea is that an understanding of criminal business will reveal how to cripple it or slow it down. In the last section, the authors briefly highlight how the framework may help combat cybercrime. Knowing the enemy’s strengths and weaknesses by highlighting critical processes in the value chain is a first step.

An important contribution, the authors’ extensive research data shows that services in the framework not only exist but are available “as a service” (XaaS). An impressive list of references (six pages) covers every single process. Together with this paper, they form the ammunition to convince nonbelievers of the clear and present danger of cybercrime to digital business. The approach is one that business people should understand and appreciate.

Reviewer:  A. Mariën Review #: CR146289 (1902-0066)
Bookmark and Share
  Reviewer Selected
Featured Reviewer
 
 
Security and Protection (K.6.5 )
 
 
Security and Protection (D.4.6 )
 
Would you recommend this review?
yes
no
Other reviews under "Security and Protection": Date
CIRCAL and the representation of communication, concurrency, and time
Milne G. ACM Transactions on Programming Languages and Systems 7(2): 270-298, 1985. Type: Article
Oct 1 1985
Computer security risk management
Palmer I., Potter G., Van Nostrand Reinhold Co., New York, NY, 1989. Type: Book (9780442302900)
Apr 1 1991
Computers at risk
, National Academy Press, Washington, DC, 1991. Type: Book (9780309043885)
Oct 1 1991
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy