Researchers at the University of Michigan are developing a statistical model to predict when a cyber attack is likely to be launched against a given organisation.
Researchers Robert Axelrod and Rumen Illiev's ‘Timing of Cyber Conflict' paper (pdf) details four main variables governing the risk of a cyber attack taking place.
The variables include the specific vulnerability being exploited; the overall stealth level of the attack vector - and its potential for re-use; the risk of the attack methodology being spotted and remediated; and the threshold (point) at which the attacker will gain more than they will lose.
The statistical model primarily takes into account stealth and persistence; each is said to have an opposite effect to the other in terms of the optimum time to use an attack resource.
Incoming Thought analyst Sarb Sembhi said the findings were "fascinating" but noted the model could "only be used in a number of cases".
He said it remained "very early days" in developing the mathematical risk model and that work needs to continue to refine it.
However, he said the model would be especially useful to telcos, who could predict the likelihood that their network could come under attack.
Professor John Walker of Nottingham-Trent University added that that there are other parameters that need to be considered when calculating the risk of a cyber attack being imminent.
These, he explained, include industry placement, size, and exposure. He said this would allow the model to predict which industries and sectors will have the highest levels of risk attached to them.