竞争行业中企业应对战略黑客安全反应的博弈论模型

A game-theoretical model of firm security reactions responding to a strategic hacker in a competitive industry

Journal of the Operational Research Society · 2021
被引 24
ABS 3

中文导读

研究了竞争行业中企业面对战略黑客时的安全投资决策,发现过度危险行业应改革商业模式而非重金防护,黑客动机(逐利或求名)影响其行为,技术相似性加剧搭便车问题,社会规划者监管仅在特定竞争环境下被接受。

Abstract

The tendency of strategic hackers to attack specific industries brings new challenges for information security management. This paper examines the interaction between firms in a specific industry and a strategic hacker by considering industry-specific characteristics including the intrinsic vulnerability, intentions of the hacker, competition between firms, and similarity of security technologies. We find that firms in an overly dangerous industry should consider reforming their business mode to reduce the intrinsic vulnerability rather than investing heavily in security protection. Moreover, we distinguish the hacker as profit-seeking and fame-seeking and find that different intentions generate different hacker’s behaviour. Furthermore, keep exerting effort is still a better strategy for the firms when the competition becomes more intense even the threat of the hacker reduces. Besides, the technical similarity enhances the hacker’s incentive to exert attack effort while induces a free-riding problem for competitive firms. Accordingly, we introduce a social planner to regulate the security decisions of competitive firms, and identify that the supervision of a social planner could partly alleviate the free-riding behaviour, but will only be accepted by competitive firms when facing a less or highly competitive environment. Our results imply that introducing a social planner to enforce security protection may not be advisable for all industries. Finally, we extend our model to discuss two additional cases, including the case of sequential game and the case of asymmetric condition.

信息安全产业组织博弈论竞争策略黑客行为