Security Basics mailing list archives

RE: Statistics


From: "Serge Jorgensen" <lists () usinfosec com>
Date: Mon, 24 Nov 2003 14:22:23 -0500

Jack,

Here's a quick summary from the CSI/FBI information for '02 / '03. Hope this
helps. Certainly let me know if you need more details... we can certainly
send a complete PDF with reams of data if you need it.

R/
 Serge

------------------------- Begin Included Text ----------------------------

Eighth Annual 2003 CSI/FBI Computer Crime and Security Survey

"Theft of proprietary information caused the greatest financial loss" in
2003.

"The second most expensive computer crime among survey respondents was
denial of service."

"As in previous years, virus incidents (82 percent) and insider abuse of
network access (80 percent) were the most cited forms of attack or abuse."

"Almost one in ten organizations do not use any extra physical precautions
to protect their computer assets."

"Within the world of the Internet, issues surrounding intellectual property
were front and center in 2002.  The high-profile news items weren't
necessarily about the theft of trade secrets, which is the greater threat to
most companies, but even focus on copyright infringement has created a
climate in which interest in encryption-based controls such as Microsoft's
new Digital Rights Management server has increased steadily."


2003

"Ninety percent of respondents detected computer security breaches within
the last twelve months."

"Eighty percent acknowledged financial losses due to computer breaches."

"Forty percent detected system penetration from the outside."

"Forty percent detected denial of service attacks"

"Seventy-eight percent detected employee abuse of Internet access privileges
(for example, downloading pornography or pirated software, or inappropriate
use of e-mail systems)."


"Eighty-five percent detected computer viruses."

"Ninety-eight percent of respondents have www sites."

"Fifty-two percent conduct electronic commerce on their sites."

"Thirty-eight percent suffered unauthorized access or misuse on their Web
sites within the last twelve months.  Twenty-one percent said that they
didn't know if there had been unauthorized access or misuse."

----------------------- End of Included Text ------------------------------



-----Original Message-----
From: Jack Solomon [mailto:solzjack43 () hotmail com] 
Sent: Monday, November 24, 2003 10:57 AM
To: security-basics () securityfocus com
Subject: Statistics



I often hear statistics bandied around like 85% of attacks are internal.
Can anyone point to a reliable/quotable source of stats?  I'd like to prove
to my cynical management that we are not safe behind the corporate
firewall...

Also, I'd be interested in stats on amount of money lost to fraud, downtime,
hacking, lack of DR etc.

Thanks

Jack
