BSidesSF 2012 - Hacking the Bank: Figuring out what the cost of hacks may be (Gillis Jones)

BSidesSF · 2012 · 46:30 · 34 views · Published 2017-11
Style: Talk
About this talk
As someone who actually performs hacking on a daily basis for Fortune 50 companies, financials are not a large part of my job description. But, as someone closely tied to the safety and health of a company, it is clear that we need to be vocal about these costs in order for us to function at the right level. This presentation will be a discussion of my personal research into the financials of breaches and the bleak discoveries I came across as an infosec professional venturing into the business side of our work. Namely, discrepancies in accounting, lack of disclosure around hacks and ballpark estimates being the standard. Numbers are far too removed from the realities of security. So I will talk about how to focus on every aspect of a breach, and how to approach past breach cost estimation from a real-life perspective. Case studies will be shown to reflect actual expenditures, as well as descriptions of some of the actual hacks which were utilized in order to breach the systems. I will also give my recommendation on how we can best adjust our accounting for hacking attacks based on the actual workflow of someone who deals with these situations.