Reference: Richard power, Editorial Director of the Computer Security Institute (CSI), San Francisco, CA, and author of Tangled web: Tales of Digital Crime from the Shadows of Cyberspace. (Que, 2000)
Purpose of study: To study how difficult it is to quantify the effects of cyber criminal activity.
Comments: James adams,Chief Executive Officer & cofounder of iDefense, a private agency specializing in information intelligence.
The cost of the "Love Letter" virus, which affected everyone. . . Ranges between $4 billion and $10 billion. That's the equivalent of a complete obliteration of a major American city. And that was one individual from thousands of miles away.
Main points: Quantifying financial losses from cyber attacks is one of our major problems. Really, you're still doing "guesstimates." Sometimes you'll see tens of thousands, and hundreds of thousands of dollars lost in an attack, and that's mostly the cost of cleanup and investigation. But the real costs are the soft costs--lost business opportunities. If you're conducting e-business and you're counting on $600,000 an hour in revenue, like Amazon, and your service is disrupted by a denial of service attack, you can start with the figure $600,000 for every hour that you're down. If your Cisco and you're making $7 million a day online, and you're down for a day, you've lost $7 million. That's where you start. . . .
There were estimates that the "Love Bug" virus did damage in the billions and billions of dollars. That scale leaves most people saying, "That's beyond any kind of comprehension."
Right. It staggers the imagination, and there's a tendency to disbelieve that four lines of code literally cost $80 million, or $10 billion in damages. But if you think about it in terms of a 24/7 global corporation, a Fortune 500 corporation, there's a little meter inside it, ticking all the time. . . . A Fortune 50 corporation was hit by the"Melissa" virus when it came out, and their own internal tabulation was that they lost $10 million. When you ask them how they lost it, it was lost productivity, lost network operation time. All of this is factored into their budgets. They have a dollar sign attached to each minute of network time, and