
1 A Look at the 2004 CSI/FBI Computer Crime and Security Survey. Robert Richardson, Editorial Director, Computer Security Institute. How to Use Statistics in Your Awareness Program

2 Called the cops?

3 Respondents by Industry (Figure 1, by industry sector): Utility 5%; Manufacturing 12%; Local Gov. 3%; Other 19%; Transportation 1%; Telecom 2%; Financial 19%; Legal 1%; Federal Gov. 7%; State Gov. 3%; Retail 3%; Medical 6%; High Tech 13%; Education 7%

4 Respondents by Employees (Figure 2, by number of employees): 1 – 99 19%; 100 – 499 15%; 500 – 1,499 13%; 1,500 – 9,999 31%; 10,000 – 49,999 14%; 50,000 or more 7%

5 Respondents by Revenue (Figure 3, by revenue; 2004: 392 Respondents): Under $10M 20%; $10M – $99M 23%; $100M – $1B 20%; Over $1B 37%

6 Respondents

7 Called the cops?

8 Crime Reporting

9 The Eternal Question: Can I use anything you just told me for my awareness program?

10 The Eternal Question: Can I use anything you just told me for my awareness program? Not exactly…

11 Types of attack by percent

12 Virus; Insider Abuse; Laptop/Mobile Theft

13 Statistics reduced to their essence…

14 Coffee Cup Deviation (Figure 15: dollar losses)

15 Cybercrime Losses (Figure 15: dollar losses)

16 Cybercrime Losses (Figure 15: dollar losses)

17 Average Cybercrime Losses

21 How to Use… Average losses in a survey of about 500 security professionals were down for the third straight year. While this is good news (paying attention to security seems to reduce crime), it’s also true that identity fraud—the costs of which aren’t directly measured in this survey—is skyrocketing.

22 Tell a Credible Truth: Be sure the base in survey statistics is justified. Consider the magnitude of change arising from possible different interpretations of data.

23 14) What is the total monetary value of losses your organization sustained due to electronic crimes or system intrusions in 2003?
We do not track monetary losses due to electronic or related crimes (Base: 500): 32.4%
(Base: 338)
$100 million or more: 0.3%
$10 million to $99.9 million: 2.4%
$1 million to $9.9 million: 5.0%
$500,000 to $999,999: 5.0%
$100,000 to $499,999: 11.2%
Less than $100,000: 26.3%
Don’t know/not sure: 49.7%
Source: CSO magazine/U.S. Secret Service/CERT Coordination Center.

24 CSO/Secret Service/CERT Survey: Mean $3,920,000; Median $100,000; Sum* $666,000,000.
*Sum figure calculated using midpoints within each range.
Source: CSO magazine/U.S. Secret Service/CERT Coordination Center.

25 (Base: 338)
$100 million or more: 0.3%, 1
$10 million to $99.9 million: 2.4%, 8
$1 million to $9.9 million: 5.0%, 17
$500,000 to $999,999: 5.0%, 17
$100,000 to $499,999: 11.2%, 38
Less than $100,000: 26.3%, 89
Don’t know/not sure: 49.7%, 168

26 (Base: 338)
$100 million or more: 1, 100,000,000
$10 million to $99.9 million: 8, 439,600,000
$1 million to $9.9 million: 17, 92,650,000
$500,000 to $999,999: 17, 12,750,000
$100,000 to $499,999: 38, 11,400,000
Less than $100,000: 89, 4,450,000
Total: 660,850,000
Don’t know/not sure: 49.7%

27 (Base: 338)
$100 million or more: 1, 100,000,000
$10 million to $99.9 million: 8, 80,000,000
$1 million to $9.9 million: 17, 17,000,000
$500,000 to $999,999: 17, 8,500,000
$100,000 to $499,999: 38, 3,800,000
Less than $100,000: 89, 4,450,000
Total: 213,750,000
Don’t know/not sure: 49.7%
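The arithmetic behind slides 25 to 27, as an added example that is not part of the original presentation: it turns the published percentages back into respondent counts and totals the losses under the midpoint reading (slide 26) and the lower-bound reading (slide 27). The function names and the rounded upper bounds are assumptions of this example.

```python
# Added example (not from the presentation): re-derive the slide 25-27 figures.
BASE = 338  # respondents who track losses, from slide 23

# (lower bound, upper bound, percent of BASE); None = open-ended top bracket.
# Upper bounds are rounded the way the slide 26 arithmetic implies
# (e.g. $999,999 treated as $1,000,000); this is an assumption of the example.
BRACKETS = [
    (100_000_000, None,        0.3),
    ( 10_000_000, 99_900_000,  2.4),
    (  1_000_000,  9_900_000,  5.0),
    (    500_000,  1_000_000,  5.0),
    (    100_000,    500_000, 11.2),
    (          0,    100_000, 26.3),
]

def counts():
    """Turn the published percentages back into respondent counts."""
    return [round(BASE * pct / 100) for _, _, pct in BRACKETS]

def value_per_respondent(lo, hi, rule):
    """Dollar figure assigned to one respondent in a bracket."""
    if hi is None:          # open-ended: only the floor is known
        return lo
    if lo == 0:             # both slides use the midpoint for the lowest bracket
        return hi // 2
    return (lo + hi) // 2 if rule == "midpoint" else lo

def estimate_total(rule):
    """Total losses under 'midpoint' (slide 26) or 'lower' (slide 27)."""
    return sum(n * value_per_respondent(lo, hi, rule)
               for n, (lo, hi, _) in zip(counts(), BRACKETS))

def summary():
    n = sum(counts())       # respondents who gave a dollar range
    mid, low = estimate_total("midpoint"), estimate_total("lower")
    return {"n": n, "midpoint": mid, "lower": low,
            "mean_midpoint": mid / n, "mean_lower": low / n,
            "ratio": mid / low}

if __name__ == "__main__":
    for key, val in summary().items():
        print(f"{key:>14}: {val:,.2f}")
```

The same 170 answers give a mean of about $3.9 million under the midpoint reading and about $1.26 million under the lower-bound reading, a factor of roughly three from interpretation alone.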

28 IT Budget Allocation

29 Per Employee

30 Tools & Technology

31 Awareness

32 Financial Metrics

33 Anecdotes Make Stats Real
The number of bot-infected computers declined from 30,000+ a day in July to an average of less than 5,000 a day by December, according to Symantec. (The Register)
The [Honeynet Project] report pointed out that "more than one million hosts are compromised and can be controlled by malicious attackers" although it warned that this was a probable underestimate. The company also made an estimate as to the scope of distributed denial of service (DDOS) attacks. In the tracking period, from November 2004 to January 2005, Honeynet detected a staggering 226,585 IP addresses joining at least one of the channels being monitored. (Techworld.com)

34 Anecdotes Make Stats Real
An executive at a satellite TV firm in Massachusetts has been charged with hiring several botnets to disrupt the websites of three rivals, costing one of their web-hosting firms $1 million. (New Scientist.com)

35 Tie to Policy: Obviously, anyone acting like this executive would be dismissed and possibly criminally prosecuted. Policies used to “lock down” systems are in part in place to prevent your system from becoming a “bot.” If your system is compromised, it may be used to perpetrate crimes.

36 Takeaways: Use believable stats – explain important elements such as sample skew. Graphic representations of comparison stats are often easier to interpret.

37 Takeaways: Keep it positive (for the most part). Relate statistics to anecdotes, then tie to policies.

38 Contact: Robert Richardson, rrichardson@cmp.com, GoCSI.com
