- Been Down So Long It Looks Like Up To Me: The Extent and Scope of the Cybercrime Problem
- CERT/CC Statistics
- Dan Farmer's Internet Security Survey
- WarRoom Research's Information Security Survey
- Conclusions
WarRoom Research's Information Security Survey
WarRoom Research is a group of competitive intelligence and information security consultants based in the Washington, D.C. area. Its data is compiled, as is much of the CSI/FBI data, from Fortune 500 corporations. The tables in this section answer the following questions.
Have you detected attempts to gain computer access to any of your computer systems from "outsiders" in the past 12 months?

| Response | Count | Percent |
|---|---|---|
| Yes | 119 | 58.0% |
| No | 25 | 12.2% |
| Don't know | 61 | 29.8% |
| Total | 205 | 100.0% |

Table 3.2 Vulnerability Breakdown by Site Type (in Percents)

| Site Type | Denial of Service | FTP | Yellow Web | INND | REXD access | Sendmail | Red Web | YPupdated | statd |
|---|---|---|---|---|---|---|---|---|---|
| Banks | 57.12 | 0.15 | 9.85 | 3.18 | 0.15 | 9.70 | 1.52 | 0.91 | 29.39 |
| Credit unions | 43.43 | 0.00 | 8.03 | 1.46 | 0.00 | 4.01 | 0.73 | 1.09 | 16.42 |
| U.S. Federal sites | 44.68 | 0.00 | 36.17 | 0.00 | 0.00 | 12.76 | 2.12 | 6.38 | 31.91 |
| Newspapers | 52.88 | 0.32 | 14.42 | 2.24 | 0.00 | 16.67 | 1.28 | 0.64 | 30.77 |
| Sex | 56.54 | 0.00 | 6.65 | 1.33 | 0.00 | 11.97 | 0.67 | 0.00 | 18.85 |
| Totals | 53.63 | 0.12 | 10.32 | 2.19 | 0.06 | 10.67 | 1.1 | 0.81 | 24.91 |
| Random group | 28.14 | 0.00 | 1.92 | 0.64 | 0.64 | 7.25 | 0.00 | 0.64 | 13.65 |

Source: Dan Farmer, http://www.fish.com (The Denial of Service and Yellow Web vulnerabilities were "yellow" vulnerabilities, and the others were counted as red vulnerabilities.)
If yes, how many successful unauthorized accesses from "outsiders" have you detected? (developed table)

| Successful accesses | Count | Percent |
|---|---|---|
| 1–10 | 41 | 41.8% |
| 1–10 | 24 | 24.5% |
| 21–30 | 16 | 16.3% |
| 31–40 | 10 | 10.2% |
| 41–50 | 5 | 5.1% |
| >50 | 2 | 2.0% |
| Total | 98 | 100.0% |

If you experienced computer system intrusions by someone from outside your organization, indicate the type of activity performed by the intruder.

| Activity | Count | Percent |
|---|---|---|
| Manipulated data integrity | 41 | 6.8% |
| Installed a sniffer | 40 | 6.6% |
| Stole password files | 34 | 5.6% |
| Probing/scanning of system | 88 | 14.6% |
| Trojan logons | 35 | 5.8% |
| IP spoofing | 29 | 4.8% |
| Introduced virus | 64 | 10.6% |
| Denied use of services | 38 | 6.3% |
| Downloaded data | 49 | 8.1% |
| Compromised trade secrets | 59 | 9.8% |
| Stole/diverted money | 2 | 0.3% |
| Compromised e-mail/documents | 76 | 12.6% |
| Publicized intrusion | 3 | 0.5% |
| Harassed personnel | 27 | 4.5% |
| Other (specified) | 18 | 3.0% |
| Total | 603 | 100.0% |

How many "insiders" have been caught misusing your organization's computer systems? Running their own ventures on company systems, abuse of online accounts, personal record keeping, etc. (developed table)

| Insiders caught | Count | Percent |
|---|---|---|
| Unknown | 20 | 9.8% |
| 0 | 56 | 27.3% |
| 1–5 | 24 | 11.7% |
| 6–10 | 46 | 22.4% |
| 11–15 | 32 | 15.6% |
| 16–20 | 13 | 6.3% |
| 21–25 | 9 | 4.4% |
| >25 | 5 | 2.4% |
| Total | 205 | 100.0% |

If yes, what disciplinary action was taken?

| Disciplinary action | Count | Percent |
|---|---|---|
| Oral admonishment | 70 | 54.3% |
| Written admonishment | 27 | 20.9% |
| Suspended | 7 | 5.4% |
| Resigned | 8 | 6.2% |
| Fired | 11 | 8.5% |
| Referred to law enforcement | 2 | 1.6% |
| Out of court settlement | 0 | 0.0% |
| No action | 4 | 3.1% |
| Other (specified) | 0 | 0.0% |
| Total | 129 | 100.0% |