How many (absolute or percentage) network break-ins or other IT
security breaches are the result of internal attacks (employees,
former employees, etc.) as opposed to external attacks?

(If possible, please supply a source I can quote to a manager and
expect it to be understood.)

---

Clarification of Question by cerebrate-ga on 13 May 2002 04:59 PDT

Oops - I also meant to ask for break-ins specifically in small to
medium-sized companies, sub 500 users, if possible. If not, general
answers will do just fine.

There are a variety of statistics on this issue. Here are some
selected quotes:

"According to the [FBI and the Computer Security Institute (CSI) 2001]
survey, twice as many respondents cited their Internet connection as a
more frequent point of attack as those who said assaults came from
within their internal systems." From:
http://www.cnn.com/2002/TECH/internet/04/07/cybercrime.survey/

Concerning the same FBI/CSI report:
"For the fifth year in a row, more respondents (74%) cited their
Internet connection as a frequent point of attack than cited their
internal systems as a frequent point of attack (33%)." From:
http://www.gocsi.com/press/20020407.html

"Industry research indicates over 65% of all reported security
breaches occur from within the network, such as password security
leaks." From:
http://www.trigeo.com/contego_release.shtml

"Information breaches come equally from internal and external
sources... Five years ago, the ratio of inside to outside attacks was
70/30. Today, the ratio is about even, but the total number of attacks
has increased internally and externally as the availability of
automated attack tools has increased." From:
http://www.sas.com/subscriptions/sascom/marapr01/walker.html

"Nearly 50 percent of the companies surveyed experienced attacks
against their Web servers from external sources in 2001, up from 24
percent in 2000, [according to a July-August 2001 Information Security
magazine survey]... Security threats from those inside the company
were more varied and frequent, but somewhat less serious, the study
found." See article at:
http://www.itworld.com/Sec/2199/IDG011009webattacks/

"[UK's  Department for Trade and Industry's annual Information
Security Breaches report] showed that 48% of large companies blame
their worst security incident on employees. By contrast, the 2001
edition of the survey showed that 75% of those questioned named
external hackers and criminals as the biggest threat to security."
From:
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1946000/1946368.stm

"The problem of internal hacking (unauthorized access by authorized
users) consistently outweighs the problem of external hacking."[citing
NCSA Firewall Policy Guide Version 1.01]  From:
http://ksi.cpsc.ucalgary.ca/courses/547-96/johnp/547/present.html


Search terms used: network security breaches internal external
://www.google.com/search?client=googlet&q=network%20security%20breaches%20internal%20external
Additional search terms: network "internal hacking" external 
://www.google.com/search?q=network+%22internal+hacking%22+external&hl=en&client=googlet&start=10&sa=N

I hope this helps.

Thanks muchly! Exactly what I was looking for.

Hi,
 The following URL points to some research that was done on internal
attacks. The answer you need MAY be in there, but the file itselsf is
passworded! You need to be one of their clients to view it. You may
get a start from there though.
http://www.aberdeen.com/ab_abstracts/2000/04/04001994.htm
Good luck.

 Fly

Since I can't officially answer yet, I might as well provide you with
a little information.
Well, specifically, go here: http://www.gocsi.com/press/20020407.html
Fill out their form to get the full report.
And a good summation regarding your specific question (In the UK,
admittedly).
http://www.theregister.co.uk/content/archive/24282.html

I remembered reading the latter article, and that brought me to the
Computer Security Institute, which has the report.

Hope this helps,
Passive