Protecting your network against spam and viruses may not be the best use of your limited security budget, according to researchers from Florida Atlantic University.
The researchers developed an economic model for how companies can evaluate their vulnerabilities, analyze their risk and calculate the potential for damage. They concluded that with limited resources, shoring up defenses against the type of attack that is likely to cause the greatest loss may be the most prudent path. Targeted attacks have generally been shown to cause more financial damage than distributed attacks such as spam and viruses.
“This whole model is based on the principal of minimizing a security risk,” says C. Derrick Huang, assistant professor at Florida Atlantic.
Huang and professor Qing Hu were scheduled to present their case last month during the Workshop on the Economics of Information Security at the University of Cambridge in England.