As the sophistication of cyber crime exploits has increased, the security industry has applied a technical and process mindset when dealing with them. These efforts have been frustrated by the variability, availability, and affordability of these exploits. These product characteristics point to an economic dimension of the cyber battlefield.Microsoft’s Roger Halbheer observed that the economic incentives of cyber attacks are enhancing the related profit motive. “Today these attacks are not about vandalism any more, today it’s about cash.” The increasing number of unemployed information security professionals who use their skills to compromise security underscores Mr. Halbheer’s comments.Peter Guerra’s presentation “How Economics and Information Security Affects Cyber Crime and What It Means in the Context of a Global Recession” will outline the economic factors influencing cyber crime and the implications for security professionals. In spite of legislative attempts to control aspects of cyber crime, such as the CAN-SPAM act, there are factors that continue to create incentives for criminals to exercise these tools:Low barrier of entry into the crime marketReady-made exploits are readily available at a reasonable price. Given this low cost of entry into the market, the opportunity cost of not getting involved is significant.Business metrics focus on the availability of data, not the other components of the CIA triad.Cyber criminals profit from their target’s information. While some criminals have opted to perform Denial of Service attacks on their targets, this tactic diminishes the long term potential of attacking the integrity and confidentiality of that information. As assurance professionals, we are charged with the protection of knowledge assets. We must consider all the factors that create incentives for our adversaries. This knowledge is critical for creating effective controls to counter the threats. By applying a different way of thinking about the cyber crime risk, we might find novel solutions. Related content opinion Positioning the Security Team Through Influence Part 1 Influence styles are a reflection of the influencers and, by extension, their team. Thus, they must understand the situations to which different styles are applicable. This series explores the common influence styles and their application. By Steven Fox Apr 21, 2012 3 mins Technology Industry IT Jobs opinion From Obstacle to Ally - Repositioning the Security Team Pt 1 By Steven Fox Apr 08, 2012 3 mins Technology Industry IT Strategy opinion Key Sessions at CISO Executive Summit 2011 By Steven Fox Dec 03, 2011 3 mins Business Continuity Data and Information Security Careers opinion Securing User Credentials On Mobile Devices By Steven Fox Nov 15, 2011 4 mins Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe