Risky business: Fine-grained data breach prediction using business profiles

Bibliographic Details
Published in Journal of cybersecurity (Oxford) Vol. 2; no. 1; pp. 15 - 28
Main Authors Sarabi, Armin, Naghizadeh, Parinaz, Liu, Yang, Liu, Mingyan
Format Journal Article
Language English
Published Oxford University Press 01.12.2016
Summary: This article aims to understand if, and to what extent, business details about an organization can help to assess a company’s risk in experiencing data breach incidents, as well as its distribution of risk over multiple incident types, in order to provide guidelines to effectively protect, detect, and recover from different forms of security incidents. Existing work on prediction of data breach mainly focuses on network incidents, and studies that analyze the distribution of risk across different incident categories, most notably Verizon’s latest Data Breach Investigations Report, provide recommendations based solely on business sector information. In this article, we leverage a broader set of publicly available business details to provide a more fine-grained analysis on incidents involving any form of data breach and data loss. Specifically, we use reports collected in the VERIS Community Database (VCDB), as well as data from Alexa Web Information Service (AWIS), the Open Directory Project (ODP), and Neustar Inc., to train and test a sequence of classifiers/predictors. Our results show that our feature set can distinguish between victims of data breaches, and nonvictims, with a 90% true positive rate, and 11% false positive rate, making them an effective tool in evaluating an entity’s cyber-risk. Furthermore, we show that compared to using business sector information alone, our method can derive a more accurate risk distribution for specific incident types, and allow organizations to focus on a sparser set of incidents, thus achieving the same level of protection by spending less resources on security through more judicious prioritization.
Keywords: data breach; resource allocation; risk assessment.
ISSN: 2057-2085, 2057-2093
DOI: 10.1093/cybsec/tyw004