Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] 2001 Computer Crime and Security Survey erschienen,

Den Survey, der in Zusammenarbeit mit dem FBI erstellt wird, gibt es zum
Download unter (man muss erst
ein Formular ausfüllen). 
Anbei ein erster Artikel dazu. Offenbar sind erstmals die Outsider
gefährlicher als die Insider gewesen.

Outside Hackers vs. the Enemy Within: Who's Worse?

By Jay Lyman, 
Part of the NewsFactor Network
February 5, 2002 

The 2001 Computer Crime and Security Survey from the Federal Bureau of
Investigation and the Computer Security Institute makes it clear that
cybercrime is on the rise. But for the first time, according to survey
respondents, incidents precipitated by outside hackers outnumbered those
originated by internal threats. 

Experts said that trend is likely to continue as increasing numbers of
outside intruders mount more attacks on computer networks and PCs. 

However, others pointed out that internal perpetrators remain the most
threats to fight, as they go straight for a company's crown jewels and
often know
how to cover their tracks. 

Layered Security 

Regardless of whether an attack comes from internal or external sources,
experts stressed the need for standards, policies and layered security
that cover

"This year was the first time it was reported that more attacks were
from an
external source than from internal," Symantec Security Response senior
manager Dee Liebenstein told NewsFactor. 

"We've seen it go in the same direction the last three to four years.
There's no
reason to expect that to change abruptly," Liebenstein said. 

More To Fear, Report 

Liebenstein said there are a number of reasons for the trend, including
intelligence and identification of incidents and more willingness to
report, but she
added that a big reason for the increasing number of outside attacks is
almost infinite number of threats." 

"As companies are adopting more and more e-commerce abilities, that
opens up
another way into the enterprise," she said, adding that the FBI/CSI
indicated that 70 percent of respondents called their Internet
connection a frequent
point of attack. 

"That in itself speaks to the level of external attacks," she noted. 

Keeping It in the Company 

SecurityFocus incident analyst Ryan Russell told NewsFactor that far
internal attacks go unreported because companies are better able to keep

"It's easier to talk yourself into hiding an internal threat," Russell

Russell added that companies often have the ability to deal with an
intrusion in their own way, such as firing the perpetrator, which makes
it less
likely that the incident will be reported to law enforcement or others. 

Quiet Inside 

Russell said that regardless of whether they outnumber inside incidents,
attacks are easier to defend against than internal wrongdoing, which is
much more deliberate and less likely to set off alarms. 

"I think, in general, external attacks will be easier to deal with,"
Russell said. "An internal attack -- that's going to be more developed
and more difficult to figure out. They know what they need, and they go
right to it." 

Liebenstein agreed, adding, "Even with the increase in external attacks,
you can't
underestimate the internal attacker. 

"They know what they're looking for and where to get it," she said. "An
attacker can do more damage and cost more money." 

High Cost of Volume 

Liebenstein told NewsFactor that businesses increasingly are embracing
"layered defense -- at the gateway, at the server and the desktop" that
is required
to fend off both internal and external threats. 

And while the price paid for internal breaches may be higher, that trend
also is
changing as the cost of defending against outside attacks goes up with
increasing numbers, according to Liebenstein. 

"The external [incidents] are becoming more costly just because of their
she said.

Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.