Average
Total
Theft of proprietary info. $6,571,000.00
$170,827,000.00
Financial fraud $4,632,000.00
$115,753,000.00
Telecom eavesdropping $1,205,000.00
$6,015,000.00
Sabotage of data of networks $541,000.00
$15,134,000.00
Insider abuse of Net access $536,000.00
$50,099,000.00
Unauthorized insider access $300,000.00
$4,503,000.00
Denial of service $297,000.00
$18,370,500.00
Virus $283,000.00
$49,979,000.00
System penetration by outsider $226,000.00
$13,055,000.00
Laptop theft $89,000.00
$11,766,500.00
Telecom fraud $22,000.00
$346,000.00
Active wiretapping $0.00
$0.00
--
Michael Rasmussen, Infrastructure Engineer
Columbia Management Company, Portland, Oregon
Michael.Rasmussen@private
Desk: 971-925-6723
Desk: 503-973-6723 (deprecated)
Cell: 503-209-6227
-----Original Message-----
From: Zot O'Connor [mailto:zot@private]
Sent: Wednesday, August 20, 2003 4:35 PM
To: Crime (E-mail)
Subject: Re: CRIME 80/20 Rule
On Tue, 2003-08-19 at 10:25, Daggett, Steve wrote:
> There's an often quoted statistic that 20% of network intrusions come
from
> the outside and 80% intrusions are inside jobs.
I make up the statistics with glee during interviews with the press.
More carefully I resent that 70% of harmful successful break ins appear
to come from the inside.
The CSI report for 2002 is misleading...
>From my slides:
* This year they claimed more attacks come from the outside than
the inside.
* They failed to mentioned the impact of the attacks.
* While there may be more external attacks, do they cost as much?
...
I took their numbers and put them into a chart
Average
Total
Theft of proprietary info.
$6,571,000.00
$170,827,000.00
Financial fraud
$4,632,000.00
$115,753,000.00
Telecom eavesdropping
$1,205,000.00
$6,015,000.00
Sabotage of data of networks
$541,000.00
$15,134,000.00
Insider abuse of Net access
$536,000.00
$50,099,000.00
Unauthorized insider access
$300,000.00
$4,503,000.00
Denial of service
$297,000.00
$18,370,500.00
Virus
$283,000.00
$49,979,000.00
System penetration by outsider
$226,000.00
$13,055,000.00
Laptop theft
$89,000.00
$11,766,500.00
Telecom fraud
$22,000.00
$346,000.00
Active wiretapping
$0.00
$0.00
Sum of internal
$13,896,000.00
$374,443,500.00
Sum of external
$806,000.00
$81,404,500.00
Sorry if the format is off.
This list is sorted on Average, which does not match total at all.
If you look the first real external threat total is virus. If you add
all of the externals and internals (treating theft of proprietary as
internal) you get the totals I listed.
If you look at the total as percentages of the total, you get %82/%18.
Not bad correlation, it must be true!
...
In the same talk I looked at the media reporting Using google I checked
the following phrases on cnn.com to see if the media reporting matched
the dollars. As expected it did not (but this is not a good test at
all).
Site
Word
Count
cnn.com
hackers
4,180
cnn.com
hacked
1,470
cnn.com
fraud
10,500
cnn.com
telecom fraud
5,760
cnn.com
company fraud
5,760
cnn.com
trade secrets
1,610
cnn.com
intellectual property
1,470
cnn.com
insider fraud
247
So, anyone else need a statistic to match?
--
Zot O'Connor
http://www.ZotConsulting.com
http://www.WhiteKnightHackers.com
------------------------------------------------------------------------------
NOTICE: This communication may contain confidential or other privileged information. If you are not the intended recipient, or believe that you have received this communication in error, please do not print, copy, retransmit, disseminate, or otherwise use the information. Also, please indicate to the sender that you have received this email in error, and delete the copy you received. Any communication that does not relate to official Columbia Management Group business is that of the sender and is neither given nor endorsed.
Thank you.
==============================================================================
This archive was generated by hypermail 2b30 : Wed Aug 20 2003 - 17:35:30 PDT