Information Security News mailing list archives
Re: New Study Shows Unhappy Workers Steal Trade Secrets
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Tue, 11 Jan 2000 11:32:58 -0700
Reply From: Hal Lockhart <Hal.Lockhart () storagenetworks com>
The survey, conducted by Michael G. Kessler & Associates Ltd., a New York-based security firm, found that 35 percent of the theft of proprietary information is perpetrated by discontented employees. Outside hackers steal secrets 28 percent of the time; other U.S. companies 18 percent; foreign corporations 11 percent and foreign governments, 8 percent. The remaining 10 percent, according to the study, are listed as miscellaneous crimes. ...
All the news sources have taken the same line on this story, but it seems to me they have the story backwards. There is no real description of the methodology, and generally I tend to distrust these kinds of studies as most organizations have no clear information on successful or unsuccessful attacks. Further, it does not indicate what percentage of all attacks are represented by the theft information incidents reported. However, if we take these numbers at face value and assume that the proportions represent attacks of all types, it seems to conflict with conventional wisdom. Everybody in the security industry says insider attacks are the most common citing figures from 60% to 80%. I have even seen studies that assert this even if viruses are included, although viruses are clearly the most common and always external. In contrast, this study says 35% of attacks are internal and the rest seem to be external except for a "miscellaneous" category, whatever that means. (Their arithmetic doesn't seem to be very good as 35+28+18+11+8+10 = 110.) {I decided to see if the orginal report has this error, but it does not seem to be posted on their web page. http://www.investigation.com/ I did notice they have something called a Restricted Area, which collects a name and password without using SSL. I was not impressed.) Hal =========================================================== Harold W. Lockhart Jr. StorageNetworks, Inc. Voice: 781-434-6741 100 Fifth Avenue Fax: 781-434-6799 Waltham, MA 02451 hal.lockhart () storagenetworks com www.storagenetworks.com =========================================================== ISN is sponsored by Security-Focus.COM
Current thread:
- New Study Shows Unhappy Workers Steal Trade Secrets mea culpa (Jan 10)
- <Possible follow-ups>
- Re: New Study Shows Unhappy Workers Steal Trade Secrets mea culpa (Jan 11)