RE: CRIME 80/20 Rule

From: Rasmussen, Michael (Michael.Rasmussen@private)
Date: Wed Aug 20 2003 - 17:08:13 PDT


                                            Average             Total
    Theft of proprietary info.        $6,571,000.00   $170,827,000.00
    Financial fraud                   $4,632,000.00   $115,753,000.00
    Telecom eavesdropping             $1,205,000.00     $6,015,000.00
    Sabotage of data of networks        $541,000.00    $15,134,000.00
    Insider abuse of Net access         $536,000.00    $50,099,000.00
    Unauthorized insider access         $300,000.00     $4,503,000.00
    Denial of service                   $297,000.00    $18,370,500.00
    Virus                               $283,000.00    $49,979,000.00
    System penetration by outsider      $226,000.00    $13,055,000.00
    Laptop theft                         $89,000.00    $11,766,500.00
    Telecom fraud                        $22,000.00       $346,000.00
    Active wiretapping                        $0.00             $0.00
    
    --
      Michael Rasmussen, Infrastructure Engineer
      Columbia Management Company, Portland, Oregon
      Michael.Rasmussen@private 
      Desk:  971-925-6723  
      Desk:  503-973-6723 (deprecated)
      Cell:  503-209-6227
    
    -----Original Message-----
    From: Zot O'Connor [mailto:zot@private]
    Sent: Wednesday, August 20, 2003 4:35 PM
    To: Crime (E-mail)
    Subject: Re: CRIME 80/20 Rule
    
    
    On Tue, 2003-08-19 at 10:25, Daggett, Steve wrote:
    >   There's an often quoted statistic that 20% of network intrusions come
    > from the outside and 80% intrusions are inside jobs.
    
    I make up the statistics with glee during interviews with the press.
    
    More carefully I resent that 70% of harmful successful break ins appear
    to come from the inside.
    
    The CSI report for 2002 is misleading...
    
    From my slides:
    
          * This year they claimed more attacks come from the outside than
            the inside.
          * They failed to mention the impact of the attacks.
          * While there may be more external attacks, do they cost as much?
    
    ...
    
    I took their numbers and put them into a chart
    
                                            Average             Total
    Theft of proprietary info.        $6,571,000.00   $170,827,000.00
    Financial fraud                   $4,632,000.00   $115,753,000.00
    Telecom eavesdropping             $1,205,000.00     $6,015,000.00
    Sabotage of data of networks        $541,000.00    $15,134,000.00
    Insider abuse of Net access         $536,000.00    $50,099,000.00
    Unauthorized insider access         $300,000.00     $4,503,000.00
    Denial of service                   $297,000.00    $18,370,500.00
    Virus                               $283,000.00    $49,979,000.00
    System penetration by outsider      $226,000.00    $13,055,000.00
    Laptop theft                         $89,000.00    $11,766,500.00
    Telecom fraud                        $22,000.00       $346,000.00
    Active wiretapping                        $0.00             $0.00

    Sum of internal                  $13,896,000.00   $374,443,500.00
    Sum of external                     $806,000.00    $81,404,500.00

    Sorry if the format is off.
    
    This list is sorted on Average, which does not match total at all.
    
    If you look, the first real external threat total is virus.  If you add
    all of the externals and internals (treating theft of proprietary as
    internal) you get the totals I listed.
    
    If you look at the total as percentages of the total, you get 82%/18%.
    
    Not bad correlation, it must be true!
    
    ...
    
    In the same talk I looked at the media reporting.  Using Google I checked
    the following phrases on cnn.com to see if the media reporting matched
    the dollars.  As expected it did not (but this is not a good test at
    all).
    
    Site      Word                      Count
    cnn.com   hackers                   4,180
    cnn.com   hacked                    1,470
    cnn.com   fraud                    10,500
    cnn.com   telecom fraud             5,760
    cnn.com   company fraud             5,760
    cnn.com   trade secrets             1,610
    cnn.com   intellectual property     1,470
    cnn.com   insider fraud               247
    
    So, anyone else need a statistic to match?
    
    -- 
    Zot O'Connor
    
    http://www.ZotConsulting.com
    http://www.WhiteKnightHackers.com
    
    
    



    This archive was generated by hypermail 2b30 : Wed Aug 20 2003 - 17:35:30 PDT