nach oben

International Journal of Information Security

Erschienen in:

21.10.2022 | Regular contribution

Modeling reporting delays in cyber incidents: an industry-level comparison

verfasst von: Seema Sangari, Eric Dallal, Michael Whitman

Erschienen in: International Journal of Information Security | Ausgabe 1/2023

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Cyber incidents often take time to be detected and even further time to be reported. Due to reporting delays, the reported proportion of recent incidents is smaller than for older incidents, resulting in the false impression of a diminishing frequency of cyber incident counts in recent years when examining databases of (publicly) reported cyber incidents. Obtaining an accurate view of the true trend therefore requires correcting for reporting delays. Complicating matters is the fact that the distribution of reporting delays differs from industry to industry. This paper investigates four distinct industries of US companies: Finance and Insurance, Educational Services, Health Care and Social Assistance, and Public Administration. This paper presents the correction for reporting delays in USA and by industry, with specific emphasis on the given industries. The research finds that there are longer reporting delays in Finance and Insurance, compared to the other three industries examined.

Vorheriger Artikel A deep learner model for multi-language webshell detection

Nächster Artikel Early web application attack detection using network traffic analysis

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

This corresponds to incidents that occurred from August 2014 through July 2016

\(1 \, Year = 360 \,Days\), computed based on 30 days per month in a year

30 days per month convention applied to allow uniform discretization for delay and age histograms

Ackerman, G.: G-20 urged to treat cyber-attacks as threat to global economy. http://www.bloomberg.com/news/2013-06-13/g-20-urged-to-treat-cyber-attacks-as-threat-to-economy.html (2013)

Audit Analytics. Trends in cybersecurity breaches. Tech. rep., Audit Analytics, Massachusetts, USA. https://go.auditanalytics.com/cybersecurityreport (2021)

Brookmeyer, R., Damiano, A.: Statistical methods for short-term projections of AIDS incidence. Stat. Med. 8(1), 23–34 (1989). https://doi.org/10.1002/sim.4780080105CrossRef

Brookmeyer, R., Liao, J.: The analysis of delays in disease reporting: methods and results for the acquired immunodeficiency syndrome. Am. J. Epidemiol. 132(2), 355–365 (1990). https://doi.org/10.1093/oxfordjournals.aje.a115665CrossRef

Cheng, F.F., Ford, W.L.: Adjustment of aids surveillance data for reporting delay to the editor (1991)

Downs, A.M., Ancelle, R.A., Jager, H.J., Brunet, J.B.: AIDS in Europe: current trends and short-term predictions estimated from surveillance data, January 1981-June 1986. AIDS 1(1), 53–57 (1987)

Downs, A.M., Ancelle, R., Jager, J.C., Heisterkamp, S.H., Van Druten, J.A., Ruitenberg, E.J., Brunet, J.B.: The statistical estimation, from routine surveillance data, of past, present and future trends in AIDS incidence in Europe. In: Jager, J.C., Ruitenberg, E.J. (eds.) Statistical Analysis and Mathematical Modelling of AIDS, pp. 1–16. Oxford University Press, Oxford (1988)

Esbjerg, S., Keiding, N., Koch-Henriksen, N.: Reporting delay and corrected incidence of multiple sclerosis. Stat. Med. 18(13), 1691–1706 (1999). https://doi.org/10.1002/(SICI)1097-0258(19990715)18:13<1691::AID-SIM160>3.0.CO;2-DCrossRef

Gail, M.H., Brookmeyer, R.: Methods for projecting course of acquired immunodeficiency syndrome epidemic. J. Natl. Cancer Inst. 80(12), 900–911 (1988). https://doi.org/10.1093/jnci/80.12.900CrossRef

10.

Hampel, F., Zurich, E.: Is statistics too difficult? Can. J. Stat. 26(3), 497–513 (1998). https://doi.org/10.2307/3315772CrossRefMATH

11.

Hansen, N.: The CMA evolution strategy: a comparing review. In: Lozano, J.A., Larranaga, P., Inza, I., Bengoetxea, E. (eds.) Towards a New Evolutionary Computation. Advances on Estimation of Distribution Algorithms, vol. 192, pp. 75–102. Springer, Berlin (2006)CrossRef

12.

Hansen, N.: The CMA evolution strategy: a tutorial. Computing Research Repository. http://arxiv.org/abs/1604.00772 (2016)

13.

Hansen, N.: CMA—python package. https://pypi.org/project/cma/ (2019)

14.

Harris, JE.: Delay in reporting acquired immune deficiency syndrome (AIDS). National Bureau of Economic Research Working Paper Series No. 2278. http://www.nber.org/papers/w2278%5Cn. http://www.nber.org/papers/w2278.pdf (1987)

15.

Healy, M.J.R., Tillett, H.E.: Short-term extrapolation of the AIDS epidemic. J. R. Stat. Soc. A Stat. Soc. 151(1), 50 (1988). https://doi.org/10.2307/2982184CrossRefMATH

16.

Heisterkamp, S.H., Jager, J.C., Downs, A.M., Van Druten, J.A.: The use of Genstat in the estimation of expected numbers of AIDS cases adjusted for reporting delays. In: Fifth Genstat Conference, pp. 4–18 (1988)

17.

Heisterkamp, S.H., Jager, J.C., Downs, A.M., Van Druten, J.A., Ruitenberg, E.J.: Statistical estimation of AIDS incidence from surveillance data and the link with modelling of trends. In: Statistical Analysis and Mathematical Modelling of AIDS, pp. 17–25. Oxford University Press, Oxford (1988)

18.

Heisterkamp, S.H., Jager, J.C., Ruitenberg, E.J., Van Druten, J.A., Downs, A.M.: Correcting reported aids incidence: a statistical approach. Stat. Med. 8(8), 963–976 (1989). https://doi.org/10.1002/sim.4780080807CrossRef

19.

Kalbfleisch, J.D., Lawless, J.F.: Regression models for right truncated data with applications to aids incubation times and reporting lags. Stat. Sin. 1(1), 19–32 (1991)MATH

20.

Mathews, L.: 2016 saw an insane rise in the number of ransomware attacks. https://www.forbes.com/sites/leemathews/2017/02/07/2016-saw-an-insane-rise-in-the-number-of-ransomware-attacks/#5b56176258dc (2017)

21.

Morgan, W.M., Curran, J.W.: Acquired immunodeficiency syndrome: current and future trends. Public Health Rep. 101(5), 459–465 (1986)

22.

Rosenberg, P.S.: A simple correction of AIDS surveillance data for reporting delays. J. Acquir. Immune Defic. Syndr. 3(1), 49–54 (1990)

23.

Rosinska, M., Pantazis, N., Janiec, J., Pharris, A., Amato-Gauci, A.J., Quinten, C., Schmid, D., Sasse, A., van Beckhoven, D., Varleva, T., Blazic, T.N., Hadjihannas, L., Koliou, M., Maly, M., Cowan, S., Rüütel, K., Liitsola, K., Salminen, M., Cazein, F., Pillonel, J., Lot, F., Gunsenheimer-Bartmeyer, B., Nikolopoulos, G., Paraskeva, D., Dudas, M., Briem, H., Sigmundsdottir, G., Igoe, D., O’Donnell, K., O’Flanagan, D., Suligoi, B., Konova, Š, Erne, S., Čaplinskienė, I., Schmit, A.F.J.C., Melillo, J.M., Melillo, T., de Coul, E.O., van Sighem, A., Blystad, H., Rosinska, M., Aldir, I., Martins, H.C., Mardarescu, M., Truska, P., Klavs, I., Diaz, A., Axelsson, M., Delpech, V.: Potential adjustment methodology for missing data and reporting delay in the HIV surveillance system, European Union/European Economic Area, 2015. Eurosurveillance (2018). https://doi.org/10.2807/1560-7917.ES.2018.23.23.1700359CrossRef

24.

Sangari, S., Dallal, E.: Correcting for reporting delays in cyber incidents. In: JSM Proceedings, Risk Analysis Section, pp. 721–735. Alexandria, VA, American Statistical Association (2021)

25.

Wang, M.C.: The analysis of retrospectively ascertained data in the presence of reporting delays. J. Am. Stat. Assoc. 87(418), 397 (1992). https://doi.org/10.2307/2290270CrossRefMATH

26.

Weinberger, D.M., Chen, J., Cohen, T., Crawford, F.W., Mostashari, F., Olson, D., Pitzer, V.E., Reich, N.G., Russi, M., Simonsen, L., Watkins, A., Viboud, C.: Estimation of excess deaths associated with the COVID-19 pandemic in the United States, March to May 2020. JAMA Intern. Med. 180(10), 1336–1344 (2020). https://doi.org/10.1001/jamainternmed.2020.3391CrossRef

27.

White, L.F., Wallinga, J., Finelli, L., Reed, C., Riley, S., Lipsitch, M., Pagano, M.: Estimation of the reproductive number and the serial interval in early phase of the 2009 influenza A/H1N1 pandemic in the USA. Influenza Other Respir. Viruses 3(6), 267–276 (2009). https://doi.org/10.1111/j.1750-2659.2009.00106.xCrossRef

Titel: Modeling reporting delays in cyber incidents: an industry-level comparison
verfasst von: Seema Sangari
Eric Dallal
Michael Whitman
Publikationsdatum: 21.10.2022
Verlag: Springer Berlin Heidelberg
Erschienen in: International Journal of Information Security / Ausgabe 1/2023
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-022-00623-5

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2023

Deep SARSA-based reinforcement learning approach for anomaly network intrusion detection system

A review on fake news detection 3T’s: typology, time of detection, taxonomies

Mobile botnet detection: a comprehensive survey

Restricting data-leakage using fine-grained access control on OSN objects

Malicious code detection in android: the role of sequence characteristics and disassembling methods

Intrusion detection system over real-time data traffic using machine learning methods with feature selection approaches

Premium Partner