A Sophistication Index for Evaluating Security Breaches

The focus of this research is to develop a sophistication index for evaluating security breaches due to cyber-attacks. Although reports about cyber-attacks elucidate the sophistication involved in a given security or data breach, it is difficult to compare the sophistication of breaches across multiple attacks. Once we have an attack sophistication index, incidents can be compared and consequences of sophistication level, such as damage impact, may be assessed. To develop this index, we first explore the evolution of malware and security breaches due to cyber-attacks. We then develop a dataset of 32 security breach incidents that were well publicized in the media over the last 10 years. Based on our literature review and expert evaluation we develop a set of basic features that may be used to classify the sophistication level of an attack. We also ask security experts to rate the incidents based on their perceived notion of sophistication. Our results indicate that our sophistication index is correlated with the level of perceived sophistication. We also observe that the level of sophistication of the well publicized attacks have not consistently increased over time. Simpler attacks continue to propagate and cause damage. Moreover, a correlation of the sophistication level and the damage caused (number of records exposed) is not significant, suggesting that a more sophisticated attack is not necessarily more damaging to the institution at question.