Re: CRIME 80/20 Rule

From: Zot O'Connor (zot@private)
Date: Wed Aug 20 2003 - 16:34:43 PDT

    On Tue, 2003-08-19 at 10:25, Daggett, Steve wrote:
    >   There's an often quoted statistic that 20% of network intrusions come from
    > the outside and 80% intrusions are inside jobs.
    
    I make up the statistics with glee during interviews with the press.
    
    More carefully, I resent that 70% of harmful successful break-ins appear
    to come from the inside.
    
    The CSI report for 2002 is misleading...
    
    From my slides:
    
          * This year they claimed more attacks come from the outside than
            the inside.
          * They failed to mention the impact of the attacks.
          * While there may be more external attacks, do they cost as much?
    
    ...
    
    I took their numbers and put them into a chart:

                                              Average             Total
    Theft of proprietary info.          $6,571,000.00   $170,827,000.00
    Financial fraud                     $4,632,000.00   $115,753,000.00
    Telecom eavesdropping               $1,205,000.00     $6,015,000.00
    Sabotage of data of networks          $541,000.00    $15,134,000.00
    Insider abuse of Net access           $536,000.00    $50,099,000.00
    Unauthorized insider access           $300,000.00     $4,503,000.00
    Denial of service                     $297,000.00    $18,370,500.00
    Virus                                 $283,000.00    $49,979,000.00
    System penetration by outsider        $226,000.00    $13,055,000.00
    Laptop theft                           $89,000.00    $11,766,500.00
    Telecom fraud                          $22,000.00       $346,000.00
    Active wiretapping                          $0.00             $0.00

    Sum of internal                    $13,896,000.00   $374,443,500.00
    Sum of external                       $806,000.00    $81,404,500.00

    Sorry if the format is off.
    
    This list is sorted on Average, which does not match total at all.
    
    If you look, the first real external threat total is virus.  If you add
    all of the externals and internals (treating theft of proprietary as
    internal) you get the totals I listed.
    
    If you look at the totals as percentages of the total, you get 82%/18%.
    
    Not bad correlation, it must be true!
    
    ...
    
    In the same talk I looked at the media reporting.  Using Google I checked
    the following phrases on cnn.com to see if the media reporting matched
    the dollars.  As expected it did not (but this is not a good test at
    all).
    
    Site       Word                      Count
    cnn.com    hackers                   4,180
    cnn.com    hacked                    1,470
    cnn.com    fraud                    10,500
    cnn.com    telecom fraud             5,760
    cnn.com    company fraud             5,760
    cnn.com    trade secrets             1,610
    cnn.com    intellectual property     1,470
    cnn.com    insider fraud               247
    
    So, anyone else need a statistic to match?
    
    -- 
    Zot O'Connor
    
    http://www.ZotConsulting.com
    http://www.WhiteKnightHackers.com
    



    This archive was generated by hypermail 2b30 : Wed Aug 20 2003 - 17:06:53 PDT