Asset value is a fundamental risk management practice. The hard part with digital assets is figuring out how much they are worth. One way to measure the value of an asset (and security in general) is to measure the street value. If the price of cocaine is going up then law enforcement assumes its efforts are working well. If the street price is low then the smugglers and distributors are having an easy time supplying demand.
USA Today reports:
Typical costs of goods and services in forums
:
- $1,000 to $5,000: Trojan program that can transfer funds between online accounts.
- $500: Credit card number with PIN.
- $80 to $300: Change of billing data, including account number, billing address, Social Security number, home address and birth date.
- $150: Driver's license.
- $150: Birth certificate.
- $100: Social Security card.
- $7 to $25: Credit card number with security code and expiration date.
- $7: PayPal account log-on and password.
- 4% to 8% of the deal price: Fee to have an escrow agent close a complex transaction.
- Free: Access to a service that gives details of the issuing bank for any credit card number.
1 -- Representative asking prices found recently on cybercrime forums
Source: USA TODAY research
How is this useful to security architecture? The street value of certain items shows its utility to attackers that use the data to steal identity, money, data, and access. It shows the value of defense in depth, because the higher priced items like change of address data and transfer programs require several pieces of data to be compromised for the attack to work.
Comments