A Look at the 2004 CSI/FBI Computer Crime and Security Survey Robert Richardson Editorial Director Computer Security Institute How to Use Statistics in.

Presentation transcript:

A Look at the 2004 CSI/FBI Computer Crime and Security Survey Robert Richardson Editorial Director Computer Security Institute How to Use Statistics in Your Awareness Program:

Called the cops?

Respondents by Industry (Figure 1, by industry sector): Utility 5%, Manufacturing 12%, Local Gov. 3%, Other 19%, Transportation 1%, Telecom 2%, Financial 19%, Legal 1%, Federal Gov. 7%, State Gov. 3%, Retail 3%, Medical 6%, High Tech 13%, Education 7%

Respondents by Employees (Figure 2, by number of employees): 1 – 99 19%; 1,500 – 9,999 31%; 50,000 or more 7%; 10,000 – 49,999 14%; 500 – 1,499 13%; 100 – %

Respondents by Revenue (by revenue; Figure : 392 Respondents): Under $10M 20%, Over $1B 37%, $100M – $1B 20%, $10M - $99M 23%

Respondents

Called the cops?

Crime Reporting

The Eternal Question: Can I use anything you just told me for my awareness program? Not exactly….

Types of attack by percent

Virus, Insider Abuse, Laptop/Mobile Theft

Statistics reduced to their essence…

Coffee Cup Deviation (Figure 15: dollar losses)

Cybercrime Losses (Figure 15: dollar losses)

Average Cybercrime Losses

How to Use…
Average losses in a survey of about 500 security professionals were down for the third straight year. While this is good news (paying attention to security seems to reduce crime), it’s also true that identity fraud—the costs of which aren’t directly measured in this survey—is skyrocketing.

Tell a Credible Truth
Be sure the base in survey statistics is justified.
Consider the magnitude of change arising from possible different interpretations of data.

14) What is the total monetary value of losses your organization sustained due to electronic crimes or system intrusions in 2003?
We do not track monetary losses due to electronic or related crimes (Base: 500): 32.4%
(Base: 338)
$100 million or more: 0.3%
$10 million to $99.9 million: 2.4%
$1 million to $9.9 million: 5.0%
$500,000 to $999, %
$100,000 to $499, %
Less than $100, %
Don’t know/not sure: 49.7%
Source: CSO magazine/U.S. Secret Service/CERT Coordination Center.

CSO/Secret Service/CERT Survey
Mean: $3,920,000
Median: $100,000
Sum*: $666,000,000
*Sum figure calculated using midpoints within each range.
Source: CSO magazine/U.S. Secret Service/CERT Coordination Center.

(Base: 338)
Loss range: share of respondents, number of respondents
$100 million or more: 0.3%, 1
$10 million to $99.9 million: 2.4%, 8
$1 million to $9.9 million: 5.0%, 17
$500,000 to $999, %, 17
$100,000 to $499, %, 38
Less than $100, %, 89
Don’t know/not sure: 49.7%, 168

(Base: 338)
Loss range: number of respondents, dollar total
$100 million or more: 1, 100,000,000
$10 million to $99.9 million: 8, 439,600,000
$1 million to $9.9 million: 17, 92,650,000
$500,000 to $999, ,750,000
$100,000 to $499, ,400,000
Less than $100, ,450,000
Total: 660,850,000
Don’t know/not sure: 49.7%

(Base: 338)
Loss range: number of respondents, dollar total
$100 million or more: 1, 100,000,000
$10 million to $99.9 million: 8, 80,000,000
$1 million to $9.9 million: 17, 17,000,000
$500,000 to $999, ,500,000
$100,000 to $499, ,800,000
Less than $100, ,450,000
Total: 213,750,000
Don’t know/not sure: 49.7%
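The two totals above differ only in which dollar value stands in for each loss range. The following Python sketch is an added example, not part of the original presentation; it recomputes both totals from the slide's respondent counts, assuming round upper bounds (1,000,000 / 500,000 / 100,000) where the slide text is truncated, and shows how much of the sum rests on the nine largest reporters.

```python
# Added example. Respondent counts and range bounds come from the slides
# (base 338, of which 168 answered "don't know"). Upper bounds that are
# truncated on the page are assumed to be round numbers.
BINS = [
    # (label, low, high, respondents); high=None means open-ended
    ("$100M or more", 100_000_000, None, 1),
    ("$10M to $99.9M", 10_000_000, 99_900_000, 8),
    ("$1M to $9.9M", 1_000_000, 9_900_000, 17),
    ("$500K to $1M", 500_000, 1_000_000, 17),
    ("$100K to $500K", 100_000, 500_000, 38),
    ("under $100K", 0, 100_000, 89),
]


def midpoint(low, high):
    """Per-respondent loss at the middle of the range (floor if open-ended)."""
    return low if high is None else (low + high) // 2


def lower_bound(low, high):
    """Per-respondent loss at the bottom of the range.

    The lowest bin has a floor of 0, so it keeps its midpoint, which is
    what the second total on the slides does.
    """
    return low if low > 0 else midpoint(low, high)


def estimate(bins, rule):
    """Return (total, mean per reporting respondent) under one rule."""
    total = sum(rule(low, high) * n for _, low, high, n in bins)
    reporting = sum(n for *_, n in bins)
    return total, total / reporting


def top_bin_share(bins, rule):
    """Fraction of the total contributed by the two highest ranges."""
    total, _ = estimate(bins, rule)
    top = sum(rule(low, high) * n for _, low, high, n in bins[:2])
    return top / total


if __name__ == "__main__":
    for name, rule in (("midpoint", midpoint), ("lower bound", lower_bound)):
        total, mean = estimate(BINS, rule)
        share = top_bin_share(BINS, rule)
        print(f"{name:12s} total ${total:>13,} mean ${mean:>12,.0f} "
              f"top-2 bins {share:.0%} of total")
```

Under either rule the nine respondents in the top two ranges supply more than 80% of the sum, so the headline figure is driven almost entirely by how those few answers are interpreted.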

IT Budget Allocation

Per Employee

Tools & Technology

Awareness

Financial Metrics

Anecdotes Make Stats Real
The number of bot-infected computers declined from 30,000+ a day in July to an average of less than 5,000 a day by December, according to Symantec. (The Register)
The [Honeynet Project] report pointed out that "more than one million hosts are compromised and can be controlled by malicious attackers" although it warned that this was a probable underestimate. The company also made an estimate as to the scope of distributed denial of service (DDOS) attacks. In the tracking period, from November 2004 to January 2005, Honeynet detected a staggering 226,585 IP addresses joining at least one of the channels being monitored. (Techworld.com)

Anecdotes Make Stats Real
an executive at a satellite TV firm in Massachusetts has been charged with hiring several botnets to disrupt the websites of three rivals, costing one of their web-hosting firms $1 million. (New Scientist.com)

Tie to Policy
Obviously, anyone acting like this executive would be dismissed and possibly criminally prosecuted.
Policies used to “lock down” systems are in part in place to prevent your system from becoming a “bot.”
If your system is compromised, it may be used to perpetrate crimes.

Takeaways
Use believable stats – explain important elements such as sample skew.
Graphic representations of comparison stats are often easier to interpret.
Keep it positive (for the most part).
Relate statistics to anecdotes, then tie to policies.

Contact: Robert Richardson GoCSI.com
