Nav: Home

New model of cybercrime factors in perishability of stolen data: INFORMS journal study

March 10, 2015

A new model examining cybercrimes adds an important way of examining the perishable value of stolen data so policy makers can plan against future hacks like the recent Anthem data breach, according to a study in the Articles in Advance section of Service Science, a journal published by the Institute for Operations Research and the Management Sciences (INFORMS).

INFORMS is the leading professional association for professionals in advanced analytics.

A Multiproduct Network Economic Model of Cybercrime in Financial Services is by Anna Nagurney, the John F. Smith Memorial Professor of Operations Management at the Isenberg School of Management at the University of Massachusetts Amherst. Professor Nagurney is an INFORMS Fellow. It describes a computer-based model that captures the network economics of cybercrime activity and permits the policy evaluation of interventions.

A novel feature of the model is its inclusion of the critical time element and perishability of stolen cyber financial products with, as in the case of fresh produce, the value (and, hence, the black market price) decreasing over time. It also identifies different demand prices for different financial products, with certain credit cards being more valuable because of credit limit, expiration date, and continent of origin.

Cybercrime exacts billions of dollars from businesses across the globe annually in theft and loss of revenue, as well as damage to reputation, opportunity cost, and disclosure of proprietary information. The financial services sector, in particular, has been a major target of cybercriminals, with cybercrime now the second most commonly reported economic crime affecting such firms. Through new Internet pathways, cybercriminals can attack remotely and remain undetected for months.

The new model includes the sources of financial products (the supply points) and the destinations (the demand points) in a powerful visual representation as a network, accompanied by the associated costs of illicitly acquiring the financial products, the transaction costs associated with finding consumers of such illicit products, and the prices at which they can be sold.

It models cybercriminals as economic agents who evaluate targets by the difference between the demand prices that the products (such as credit and debit cards) command versus the associated costs of stealing and transacting them. Financial service firms are modeled as prey and the hackers as predators. The underlying methodology used to capture such asymmetric interactions is "variational inequality theory," which examines multiple interacting agents on the supply and demand sides.

The network economic framework permits quantifiable evaluation of various policy interventions investigated in the study:
    1. Determining the impact of strategies that make it harder to attack financial products' source locations (computer servers)

    2. Evaluating ways that make it harder for cybercriminals to make transactions through the common technique of increasing transaction costs

    3. Exploring changes in the demand price to evaluate greater or lesser interest in criminal products at demand markets
In addition, the study shows improved graphical network representation that makes it possible to quantify the addition or removal of demand markets and sources of financial products.

In subsequent research, the author is investigating extensions to this framework that include cybersecurity investments using game theory. These identify not only an individual firm's vulnerability but that of the industry as well. She is also studying supply chain networks' vulnerability to cyberattacks.
The research reported in the paper was supported, in part, by the Advanced Cyber Security Center (ACSC) and by a grant from the National Science Foundation (NSF). Preliminary findings were presented at the Workshop on Cybersecurity Risk Analysis for Enterprises, held at the Sloan School at MIT in September 2014, co-organized by the author with colleagues, and funded by the ACSC, a non-profit consortium in Bedford, MA. Panelists and speakers at the daylong event represented the Isenberg School of Management, UMass Amherst, MIT, Biogen Idec, the U.S. Office of Financial Research, Liberty Mutual, the UMass President's Office, State Street, MITRE, and the Federal Reserve Bank.


INFORMS is the leading international association for professionals in analytics and operations research (O.R.). INFORMS advances research, and develops and promotes best practices in analytics and O.R. through collaboration, knowledge sharing, and professional development. INFORMS helps business, government, and other organization professionals make better decisions to drive value to their organizations and society. Our certification program (CAP®), highly cited publications, educational meetings and conferences, continuing education, industry and process focused networking communities, competitions, and recognition provide professionals with the knowledge and connections they need to achieve ever greater value for their organizations. Further information about INFORMS, analytics, and operations research is at or @informs.

Institute for Operations Research and the Management Sciences

Related Cybercrime Articles:

Decoding how kids get into hacking
New research from Michigan State University identified characteristics and gender-specific behaviors in kids that could lead them to become juvenile hackers.
Research reveals how personality affects susceptibility to persuasion
Researchers at Edge Hill University in England have helped identify personality traits which make people more (or less) susceptible to persuasion than others.
How a personality trait puts you at risk for cybercrime
Impulse online shopping, downloading music and compulsive email use are all signs of a certain personality trait that make you a target for malware attacks.
To fight email scammers, take a different view. Literally.
A team of researchers is helping law enforcement crack down on email scammers, thanks to a new visual analytics tool that dramatically speeds up forensic email investigations and highlights critical links within email data.
UBC study: Publicizing a firm's security levels may strengthen security over time
New research from the UBC Sauder School of Business has quantified the security levels of more than 1,200 Pan-Asian companies in order to determine whether increased awareness of one's security levels leads to improved defense levels against cybercrime.
More Cybercrime News and Cybercrime Current Events

Best Science Podcasts 2019

We have hand picked the best science podcasts for 2019. Sit back and enjoy new science podcasts updated daily from your favorite science news services and scientists.
Now Playing: TED Radio Hour

Erasing The Stigma
Many of us either cope with mental illness or know someone who does. But we still have a hard time talking about it. This hour, TED speakers explore ways to push past — and even erase — the stigma. Guests include musician and comedian Jordan Raskopoulos, neuroscientist and psychiatrist Thomas Insel, psychiatrist Dixon Chibanda, anxiety and depression researcher Olivia Remes, and entrepreneur Sangu Delle.
Now Playing: Science for the People

#537 Science Journalism, Hold the Hype
Everyone's seen a piece of science getting over-exaggerated in the media. Most people would be quick to blame journalists and big media for getting in wrong. In many cases, you'd be right. But there's other sources of hype in science journalism. and one of them can be found in the humble, and little-known press release. We're talking with Chris Chambers about doing science about science journalism, and where the hype creeps in. Related links: The association between exaggeration in health related science news and academic press releases: retrospective observational study Claims of causality in health news: a randomised trial This...