Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New Study Shows Unhappy Workers Steal Trade Secrets

From: mea culpa <jericho () DIMENSIONAL COM>
Date: Tue, 11 Jan 2000 11:32:58 -0700
Reply From: Hal Lockhart <Hal.Lockhart () storagenetworks com>


The survey, conducted by Michael G. Kessler & Associates Ltd., a New
York-based security firm, found that 35 percent of the theft of
proprietary information is perpetrated by discontented
employees. Outside
hackers steal secrets 28 percent of the time; other U.S. companies 18
percent; foreign corporations 11 percent and foreign governments, 8
percent. The remaining 10 percent, according to the study,
are listed as miscellaneous crimes.
...


All the news sources have taken the same line on this story, but it seems
to me they have the story backwards.

There is no real description of the methodology, and generally I tend to
distrust these kinds of studies as most organizations have no clear
information on successful or unsuccessful attacks. Further, it does not
indicate what percentage of all attacks are represented by the theft
information incidents reported.

However, if we take these numbers at face value and assume that the
proportions represent attacks of all types, it seems to conflict with
conventional wisdom. Everybody in the security industry says insider
attacks are the most common citing figures from 60% to 80%. I have even
seen studies that assert this even if viruses are included, although
viruses are clearly the most common and always external.

In contrast, this study says 35% of attacks are internal and the rest seem
to be external except for a "miscellaneous" category, whatever that means.
(Their arithmetic doesn't seem to be very good as 35+28+18+11+8+10 = 110.)

{I decided to see if the orginal report has this error, but it does not
seem to be posted on their web page. http://www.investigation.com/ I did
notice they have something called a Restricted Area, which collects a name
and password without using SSL. I was not impressed.)

Hal

===========================================================
Harold W. Lockhart Jr.             StorageNetworks, Inc.
Voice: 781-434-6741                100 Fifth Avenue
Fax:   781-434-6799                Waltham, MA 02451
hal.lockhart () storagenetworks com   www.storagenetworks.com
===========================================================

ISN is sponsored by Security-Focus.COM
Previous By Date Next
Previous By Thread Next

Current thread: