Home page logo

basics logo Security Basics mailing list archives

RE: Statistics
From: "Serge Jorgensen" <lists () usinfosec com>
Date: Mon, 24 Nov 2003 14:22:23 -0500


Here's a quick summary from the CSI/FBI information for '02 / '03. Hope this
helps. Certainly let me know if you need more details... we can certainly
send a complete PDF with reams of data if you need it.


------------------------- Begin Included Text ----------------------------

Eighth Annual 2003 CSI/FBI Computer Crime and Security Survey

"Theft of proprietary information caused the greatest financial loss" in

"The second most expensive computer crime among survey respondents was
denial of service."

"As in previous years, virus incidents (82 percent) and insider abuse of
network access (80 percent) were the most cited forms of attack or abuse."

"Almost one in ten organizations do not use any extra physical precautions
to protect their computer assets."

"Within the world of the Internet, issues surrounding intellectual property
were front and center in 2002.  The high-profile news items weren't
necessarily about the theft of trade secrets, which is the greater threat to
most companies, but even focus on copyright infringement has created a
climate in which interest in encryption-based controls such as Microsoft's
new Digital Rights Management server has increased steadily."


"Ninety percent of respondents detected computer security breaches within
the last twelve months."

"Eighty percent acknowledged financial losses due to computer breaches."

"Forty percent detected system penetration from the outside."

"Forty percent detected denial of service attacks"

"Seventy-eight percent detected employee abuse of Internet access privileges
(for example, downloading pornography or pirated software, or inappropriate
use of e-mail systems)."

"Eighty-five percent detected computer viruses."

"Ninety-eight percent of respondents have www sites."

"Fifty-two percent conduct electronic commerce on their sites."

"Thirty-eight percent suffered unauthorized access or misuse on their Web
sites within the last twelve months.  Twenty-one percent said that they
didn't know if there had been unauthorized access or misuse."

----------------------- End of Included Text ------------------------------

-----Original Message-----
From: Jack Solomon [mailto:solzjack43 () hotmail com] 
Sent: Monday, November 24, 2003 10:57 AM
To: security-basics () securityfocus com
Subject: Statistics

I often hear statistics bandied around like 85% of attacks are internal.  
Can anyone point to a reliable/quotable source of stats?  I'd like to prove 
to my cynical managment that we are not safe behind the corporate 

Also, I'd be interested in stats on amout of money lost to fraud, downtime, 
hacking, lack of DR etc.



Find a cheaper internet access deal - choose one to suit you. 



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]