Security Basics mailing list archives
Re: Statistics
From: "Steve" <securityfocus () delahunty com>
Date: Wed, 26 Nov 2003 13:04:08 -0500
Try some of the papers here http://www.nw3c.org/research_topics.html. I also read some good stats in a presentation once that cited the National Center for Computer Crime Data but I couldn't find their information online easily. One issue with statistics available is that it is estimated 85% of computer crimes detected are never reported.

So Issues: insiders are trusted and have access to physical and electronic intellectual property. Motivations: financial gain, revenge, curiosity, challenge. Current employees become former employees which is a major group of potential perpetrators.

Also, for insider threats, in my opinion consider the increasing knowledge of the typical employee in terms of computer aptitude coupled with the availability of hacker type tools freely on the Internet. When working at a government contractor in the 1990s, we had an employee who downloaded the tool satan and was probing government sites. We had static IPs, was not hard to find him. He claimed he was just experimenting, his job in no way involved using such tools, he was lucky to not get fired. We tracked him down after hearing from our corporate security group who was contacted by some extremely powerful government agency.

On the topic, I have had thoughts of having a firewall between the employees and our datacenter. Think about when your professional staff are offsite and on another company network as part of their job, they get infected by nimda or something, then they return to your network and "jack in" and infect a bunch of other machines. Sure we should all have software firewalls on all employee computers but then again there is reality where most of our organizations probably do not have that except for maybe laptops. So even if the laptops are protected, one infected laptop once inside our network could infect the desktops. This is where intrusion detection comes in, and related alerting.
----- Original Message -----
From: "Alessandro Bottonelli" <abottonelli () libero it>
To: "Jack Solomon" <solzjack43 () hotmail com>; <security-basics () securityfocus com>
Sent: Tuesday, November 25, 2003 7:22 AM
Subject: Re: Statistics

On Monday 24 November 2003 16:57, Jack Solomon wrote:
I often hear statistics bandied around like 85% of attacks are internal. Can anyone point to a reliable/quotable source of stats?
82% Internal (of which 55% accidental) are quoted from a research (not public) of either Ernst&Young or Datapro--can't remember right now which one.
I'd like to prove to my cynical management that we are not safe behind the corporate firewall...
Beware! You are right, but this issue is highly political, management don't like to be told they cannot trust their employees. Make sure YOU know how to state this.
Also, I'd be interested in stats on amount of money lost
Hmmm. When it comes to money things are even worse. Insiders have more opportunity, means and motive to hit you hard. In a research paper of mine (I found no one here in Italy available to publish it... wonder why) I made this consideration (which is not by far a statistics):

-1- SQLWORM hits the Italian Post Office. Zero insiders, an unaccounted number of outsiders: estimated damage 150,000 Euros
-2- CREDIT CARD CLONING in an Italian (Tuscany) Bank. One insider, five outsiders: measured damage 1,000,000 Euros
-3- INS OUTSOURCER DESTROYS (willingly) some thousands of documents (in order to look good on their SLA...). Three insiders, zero outsiders: assessed damage 250,000,000 dollars (the value of the 5-year contract with INS).

Be careful when (if) using this with your management, as we say in Italy: "wrap it with plenty of vaseline grease ..." <grin>

--
Alessandro Bottonelli
CISSP, BS7799 Lead Auditor
www.axis-net.it