Power laws occur widely and are well documented in economics, physics, biology, and international relations. The root causes of power laws are hard to pin down, but a good theory is that proportional random growth produces the phenomenon: when each unit grows by a random factor that does not depend on its current size, a heavy-tailed size distribution results. This talk will attempt to demonstrate, using data from over 30,000 businesses, that breach size and breach occurrence volume follow a power law. The goal is to show that no matter which set of breaches one picks, the most impactful breach will have more impact than all the others combined, which is what a sufficiently heavy tail implies: the largest observation dominates the sum of the rest. Information security breaches are scale-invariant and distributed according to a power law.
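As an added example (not code from the talk or from Risk I/O), the Python below simulates the proportional-random-growth mechanism the abstract names, with a lower reflecting barrier, and then applies the two checks a practitioner would run on any set of breach sizes: a Hill estimate of the tail exponent and the share of total impact carried by the single largest event. The mechanism is Gibrat-style growth with a negative drift in log size; its stationary distribution has a Pareto tail with exponent alpha = -2 * mu / sigma^2. All parameters, the sample sizes and the data are constructed for illustration; the talk's 30,000-business dataset is not used, and the function names are this example's own.

```python
"""Proportional random growth with a reflecting lower barrier as a generator
of power-law tails, plus the checks one runs on a set of breach sizes.

Added example with constructed data; nothing here is calibrated to real breaches.
"""

import math
import random


def simulate_gibrat(n, steps, mu, sigma, xmin=1.0, seed=1):
    """Grow n units multiplicatively for `steps` periods.

    Each period the log size takes a N(mu, sigma^2) step and is reflected at
    log(xmin). With mu < 0 the stationary distribution has a Pareto tail with
    exponent alpha = -2 * mu / sigma**2, the root of E[g**alpha] = 1 where g
    is the lognormal growth factor. Parameters are constructed, not fitted.
    """
    rng = random.Random(seed)
    log_xmin = math.log(xmin)
    logs = [log_xmin] * n
    for _ in range(steps):
        logs = [max(log_xmin, v + rng.gauss(mu, sigma)) for v in logs]
    return [math.exp(v) for v in logs]


def theoretical_alpha(mu, sigma):
    """Tail exponent implied by the growth parameters (mu must be negative)."""
    return -2.0 * mu / (sigma ** 2)


def hill_estimator(xs, k):
    """Hill estimate of the Pareto tail exponent from the k largest values.

    alpha_hat = k / sum_{i<=k} log(x_(i) / x_(k+1)) with x_(1) >= x_(2) >= ...
    The result depends on k; in practice one plots it against k and looks
    for a stable region rather than trusting a single choice.
    """
    if k < 1 or k >= len(xs):
        raise ValueError("k must satisfy 1 <= k < len(xs)")
    top = sorted(xs, reverse=True)[: k + 1]
    threshold = top[k]
    return k / sum(math.log(x / threshold) for x in top[:k])


def max_share(xs):
    """Fraction of the total carried by the single largest observation."""
    total = sum(xs)
    return max(xs) / total if total > 0 else 0.0


def largest_dominates(xs):
    """True when the largest event outweighs all the others combined."""
    return max_share(xs) > 0.5


if __name__ == "__main__":
    # Two constructed regimes: alpha = 0.4 (very heavy tail) and alpha = 1.0.
    for mu in (-0.05, -0.125):
        sigma = 0.5
        xs = simulate_gibrat(n=5000, steps=600, mu=mu, sigma=sigma)
        print(f"mu={mu:+.3f} sigma={sigma}: theoretical alpha "
              f"{theoretical_alpha(mu, sigma):.2f}, Hill alpha "
              f"{hill_estimator(xs, 500):.2f}, largest event share "
              f"{max_share(xs):.2f}, dominates={largest_dominates(xs)}")
```

The two regimes illustrate the caveat behind the abstract's claim: for a tail exponent below 1 the largest event keeps a non-vanishing share of the total as the sample grows, so a single breach can exceed all others combined, while for an exponent above 1 that share shrinks with sample size even though the largest event is still far bigger than a Gaussian model would predict. Whether breach data sit in the first or the second regime is exactly the question a tail-index estimate on real data answers.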
Michael Roytman is Risk I/O’s Data Scientist, responsible for building out Risk I/O’s predictive analytics functionality. He has written about vulnerability management with Dan Geer of In-Q-Tel, and has previously spoken at BSidesLV and SIRAcon. He formerly worked in fraud detection in the finance industry, and holds an MS in operations research from Georgia Tech. In his spare time, he tinkers with everything from bikes to speakers to cars, and works on his pet project: outfitting food trucks with GPS.