On Sat, 4 May 2002, Mikael Olsson wrote:

> (This is actually a month and a half old, but I've seen little or
> no talk about it, so I thought I ought to bring it up anyway)
>
> According to this: http://www.it-analysis.com/article.php?id=2175
> many large companies in the UK no longer feel that the majority of
> threats are internally originated.
>
> They're referencing a report compiled by PricewaterhouseCoopers
> for the department of trade and industry. Anyone got a better
> link to something with a little more detail?

I think it depends heavily on what you consider a threat to be. I think the current timeframe for a new, unannounced machine to be probed once it's on the Internet averages 20 minutes. If it's a Code Red probe, and you just put up a NetBSD box that doesn't have a Web server on it, is it a threat? I have some rough stats for that sort of thing with more real numbers, but they're at work so it'll be Monday before I can dig them up.

Certainly for most companies, viruses are a significant cost, and I think that we're starting to see some awareness in companies of what it's costing them to handle virus events. NIMDA certainly was a wakeup call for lots of companies. If you're interested in those stats, I can summarize our Virus Prevalence Survey results.

We've been offering formal computer crime investigations since last year. So far, the balance of requests is on internal events, but only barely (probably 60/40.) I'd have to say that the insider abuse ones are much more devastating overall. That's not representative though, since people tend to want to only have big events investigated.

I also think that it depends on what you consider internal - the recently-made-a-former-employee threat sounds like it's higher these days, though I'm amazed at the "we found this employee doing that" stuff that's been happening recently.

I think there's a need to be more sure of the data's sources and their situations. Lots of companies have deployed IDS recently, and where they deploy it may change their perception of what's being hit.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
