While I concur that objectivity is important, I would not completely discredit that there are severe economic concerns with cyber crime. I've seen first hand vast amounts of intellectual property being obtained illegally through coercion and manipulation of private and federal systems. Working in a position to detect and prevent you'll find often that the victims are not aware of their losses nor the secondary conditionals that drive associated costs. Most cyber crime in't as clearly defined as say a list of credit cards stolen from a services provider. These are the models you can somewhat quantify a worse case estimate for. All that's required is that you tally up the limits on all the cards and say the potential was for x amount of monetary loss. Is the number a realistic answer or projection? Not really, often it's way out of touch with reality, the question then becomes how do you define realistic loses?
It's true that there aren't models that can clearly and appropriately estimate losses for an entity. This is due in part to the large costs that aren't a known in that exposure of credit card numbers. Addressable's such as client confidence, the manpower and time to disseminate information to the victims, the time spent eradicating all flaws being levied by the actors which alone are not inclusive of your overall downtime and even public shame, all items hard to quantify a numerical value for. We can argue about models, but the truth is there is never a model for every scenario. You can only go by speculation and assumption. So it's with that understanding that I somewhat allow an inflated estimate of real damage. If at the end of the day, the horror stories read online push users and admins to educate themselves, even if out of fear of overly estimated loses, I see no harm.
Personally, I fell the more appropriate response is to give clear guidance as to how these incidents were born. It's only through proper education of users and admins alike, that we'll be able to stymy those attempting harm.
In concurrence with your comment, there is no doubt that there is sensationalization on the part of everyone at play. Antivirus and malware removal manufacturers want to project an image of fear. It's this sense of fear that drives their market. However inappropriate it may be, it at least drives discussion. It's only with proper education that users see the difference between realistic threats and the hollywood movie projections.
It's true that there aren't models that can clearly and appropriately estimate losses for an entity. This is due in part to the large costs that aren't a known in that exposure of credit card numbers. Addressable's such as client confidence, the manpower and time to disseminate information to the victims, the time spent eradicating all flaws being levied by the actors which alone are not inclusive of your overall downtime and even public shame, all items hard to quantify a numerical value for. We can argue about models, but the truth is there is never a model for every scenario. You can only go by speculation and assumption. So it's with that understanding that I somewhat allow an inflated estimate of real damage. If at the end of the day, the horror stories read online push users and admins to educate themselves, even if out of fear of overly estimated loses, I see no harm.
Personally, I fell the more appropriate response is to give clear guidance as to how these incidents were born. It's only through proper education of users and admins alike, that we'll be able to stymy those attempting harm.
In concurrence with your comment, there is no doubt that there is sensationalization on the part of everyone at play. Antivirus and malware removal manufacturers want to project an image of fear. It's this sense of fear that drives their market. However inappropriate it may be, it at least drives discussion. It's only with proper education that users see the difference between realistic threats and the hollywood movie projections.