[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[infowar.de] 2001 Computer Crime and Security Survey erschienen

To: "Infowar.de" <infowar - de -! - infopeace - de>
Subject: [infowar.de] 2001 Computer Crime and Security Survey erschienen
From: Ralf Bendrath <bendrath -! - zedat - fu-berlin - de>
Date: Fri, 08 Feb 2002 11:10:10 +0100
Organization: http://www.fogis.de
Reply-to: infowar - de -! - infopeace - de
Sender: bendrath -! - zedat - fu-berlin - de

Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

Den Survey, der in Zusammenarbeit mit dem FBI erstellt wird, gibt es zum
Download unter http://www.gocsi.com/forms/fbi/pdf.html (man muss erst
ein Formular ausfüllen). 
Anbei ein erster Artikel dazu. Offenbar sind erstmals die Outsider
gefährlicher als die Insider gewesen.
RB

http://www.osopinion.com/perl/story/16157.html

Outside Hackers vs. the Enemy Within: Who's Worse?

By Jay Lyman
www.NewsFactor.com, 
Part of the NewsFactor Network
February 5, 2002 

The 2001 Computer Crime and Security Survey from the Federal Bureau of
Investigation and the Computer Security Institute makes it clear that
cybercrime is on the rise. But for the first time, according to survey
respondents, incidents precipitated by outside hackers outnumbered those
originated by internal threats. 

Experts said that trend is likely to continue as increasing numbers of
outside intruders mount more attacks on computer networks and PCs. 

However, others pointed out that internal perpetrators remain the most
difficult
threats to fight, as they go straight for a company's crown jewels and
often know
how to cover their tracks. 

Layered Security 

Regardless of whether an attack comes from internal or external sources,
security
experts stressed the need for standards, policies and layered security
that cover
both. 

"This year was the first time it was reported that more attacks were
from an
external source than from internal," Symantec Security Response senior
product
manager Dee Liebenstein told NewsFactor. 

"We've seen it go in the same direction the last three to four years.
There's no
reason to expect that to change abruptly," Liebenstein said. 

More To Fear, Report 

Liebenstein said there are a number of reasons for the trend, including
better
intelligence and identification of incidents and more willingness to
report, but she
added that a big reason for the increasing number of outside attacks is
"the
almost infinite number of threats." 

"As companies are adopting more and more e-commerce abilities, that
opens up
another way into the enterprise," she said, adding that the FBI/CSI
survey
indicated that 70 percent of respondents called their Internet
connection a frequent
point of attack. 

"That in itself speaks to the level of external attacks," she noted. 

Keeping It in the Company 

SecurityFocus incident analyst Ryan Russell told NewsFactor that far
more
internal attacks go unreported because companies are better able to keep
them
quiet. 

"It's easier to talk yourself into hiding an internal threat," Russell
said. 

Russell added that companies often have the ability to deal with an
internal
intrusion in their own way, such as firing the perpetrator, which makes
it less
likely that the incident will be reported to law enforcement or others. 

Quiet Inside 

Russell said that regardless of whether they outnumber inside incidents,
outside
attacks are easier to defend against than internal wrongdoing, which is
typically
much more deliberate and less likely to set off alarms. 

"I think, in general, external attacks will be easier to deal with,"
Russell said. "An internal attack -- that's going to be more developed
and more difficult to figure out. They know what they need, and they go
right to it." 

Liebenstein agreed, adding, "Even with the increase in external attacks,
you can't
underestimate the internal attacker. 

"They know what they're looking for and where to get it," she said. "An
internal
attacker can do more damage and cost more money." 

High Cost of Volume 

Liebenstein told NewsFactor that businesses increasingly are embracing
the
"layered defense -- at the gateway, at the server and the desktop" that
is required
to fend off both internal and external threats. 

And while the price paid for internal breaches may be higher, that trend
also is
changing as the cost of defending against outside attacks goes up with
their
increasing numbers, according to Liebenstein. 

"The external [incidents] are becoming more costly just because of their
volume,"
she said.

---------------------------------------------------------------
Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.

Prev by Date: [infowar.de] GAO: Sicherheitslücken in US-Finanzrechnern
Next by Date: [infowar.de] NIST zu technischen Grundlagenmodellen für IT-Sicherheit
Previous by thread: [infowar.de] GAO: Sicherheitslücken in US-Finanzrechnern
Next by thread: [infowar.de] NIST zu technischen Grundlagenmodellen für IT-Sicherheit
Index(es):
- Date
- Thread