Abstract for:Detection dynamics: the balancing act in the realm of cyber security under conditions of staff shortage and attacker behaviour growth

Significant growth is observed in attacker’s behaviour and shortage of security staff. An important task within cyber security is detecting and responding to security alerts. Our research address the question how detection and response will be influenced by these developments. Therefore we have built a system dynamics model in the area of detection dynamics.

We have performed different policy analysis for detection strategy (rolling-out detection capabilities, improving the maturity of detection capabilities, improving accuracy of reporting and analysing alerts) and HR recruitment strategy (hiring junior, mediour and/or senior staff) in a medium sized organization.

Our policy analysis suggest that continuously focussing on rolling-out detection capabilities, improving accuracy and improving capability maturity results into freeing up more and more capacity over time for detection and response. On the other hand some policies my result in less alerts being handled (low identification level of problems) and more successful attacks (less threats to be identified by the defender), evoking the detection trap.

We believe our research contributes to the concept of detection trap and demonstrates the occurrence of this trap even without any additional investments.