The economy of cybercrime is one of the themes I often look at. Basically, when defending against criminals, it is all about raising the cost until their balance sheet tips towards cost. In other words, carrying out an attack becomes too expensive to be attractive. Raising the cost might mean that we increase the financial cost or the risk of being caught and sent to prison. We all know that this risk today is fairly low compared to the upsides.
Now if we look at the financial cost of carrying out an attack, we need to increase it. But if you look at underground prices, this is a fairly hard job. I found the graph today, which shows it extremely well:
My original source of this picture is here.
This means that we definitely need to find new ways to defend and monitor our networks. I guess we need to start to think more about protecting data rather than where the data is stored. We need to think more about how we can help our users rather than what our users can do for us. I blogged about Human Centered Security recently. I am convinced that this would significantly change the way we deal with issues.
What do you think? How can we fight these prices?