[plug] Trade [flame alert]

[Colin Muller]

Christian wrote:

> > http://www.bankinfo.com/security/CSIstatistics.html
> >
> > Penetration by outsiders
> > 30% in 1999
> > 24% in 1998
> > Internet connection as point of attack
> > 57% 1999
> > 37% in 1996
> > Unauthorized access by insiders
> > 55% in 1999
> > 45% in 1998
> 
> What about the other 15%?  Or, as Rob Sitch likes to say, "55% of
> WHAT?" 

The URL gives you the rest.

> Also, since the Internet connection is the most popular point of
> attack, how can there simultaneously be more attacks by insiders? These
> figures don't make much sense at all. 

Insiders can take inside information to access info (or create havoc)
via the Internet point from elsewhere - that way they're less likely to
get caught than they would be if they had the box open and a screwdriver
in your hand, or had info they're not meant access to on their screen at
the office. In other words, it makes perfect sense.

>   They also don't correlate at all well with the figures cited by Steve.

That's terrible. If you go to the URL you'll see what the study sample
was.

> All this data can only come from compromises that are discovered.  Out
> of those that are discovered there are two categories: those which are
> publicised and those which are not.  If a current or ex-employee misuses
> a system, they are likely to get fired and criminal proceedings may
> follow -- therefore this becomes something which is acknowledged. 

Actually, most businesses like to persuade people to leave as quietly as
possible whatever the reason - people are very often persuaded to resign
instead of being fired; and transgressors generally want to leave
equally quietly so they can get another job afterwards.

> Anyway, I don't really have any strong evidence or argument for my
> statement but I just don't buy into the idea that most compromises are
> internal.

Ahhh ... I guess this makes clear that further discussion would be
pointless.

Colin