CSI Survey 2007
Tiffany Gorman
Computer Crime and Security Survey
- Significant rise in estimated losses due to cybercrime
- Efforts in Cyber Security showing some return on investment
- Longest running survey in information security field: 12 years
- 494 computer security practitioners responded of 5000 requests
Key Findings
- Average annual loss reported up to $350,424 from $168,000
- 18% suffered one or more targeted attacks
- Financial fraud rose above virus attacks as source of greatest financial losses
- Insider abuse of network access became most prevalent security problem
- Reporting to law enforcement continued to increase
Issues
- Virus pattern recognition software to identify threats with known signatures
- Criminals more sophisticated
- Criminals no longer motivated by “glory”, but by financial gain
- Malware signature detection less effective
- Simply not paying attention
Issues
- Financial losses are estimates
- Down time difficult to predict
- IT Security not limited to technology; includes Audit and Legal Departments
Business Justifications
- 61% of respondents allocated <5% of IT budget to information security
- Training of employees responsible for sensitive information
- Security Awareness training <1% of budget
- ROI, NPV, and IRR necessary for mgmt approval
Frequency, Nature, and Cost of Breaches
- Less frequent, but cost more
- Small percentage attributed to insiders (<20%)
- Total losses: $66,930,950
- Financial Fraud = #1: $21,124,750
- Virus = #2: $8,391,800
Effectiveness of Security
- Anti-Virus Software
- Firewall
- VPN
- Internal Security Audits
- Penetration Testing
- External Security Audits
Actions Following Incidents
- Attempted to ID perpetrator
- Patch security holes
- Install security patches
- Install additional security software
- Report to law enforcement
- WHY NOT???? #1 Reason
Summary
- Trend of reduction of losses couldn’t continue
- Networks and operating systems complexity
- Cybercrime and ID theft reduce consumer confidence
- Move toward identity management
- Educate computer security professionals
QUESTIONS????