Hello Prpro,
Below you will find the results of my research for facts and
statistics about computer security and loss of data. I am providing
short excerpts form the articles and white papers, however I highly
recommend that you read each publication in its entirety.
========
SECURITY
========
Security Worries for 2004
According to Chris Belthoff, senior security analyst at Sophos PLC,
?Microsoft's operating systems and products will continue to be
targeted by hackers and virus writers in 2004?
?Security exploits relying on buffer overflows in Microsoft product
code will still be the most common avenue of attack. Hackers are also
exploring "internal" vulnerabilities in Windows, like the Remote
Procedure Call security holes that produced Blaster, as well as
Microsoft's .Net Web services framework, Internet Information Server
Web server, and Windows 2003 Server."
You may read the complete article at the following link:
PC World: January 2004
http://www.pcworld.com/news/article/0,aid,114058,00.asp
=========================================================
As much as 60% of corporate data resides unprotected on PC desktops and laptops.
(IDC analyst Cynthia Doyle, Business Continuity in 2002: It's Not
Business as Usual, April 2002)
Viruses: Survey finds PCs infected at a rate of more than 10% each month.
(ICSA Labs, 2002)
?Corporations were hit with a monthly average of 113 virus infections
for every 1000 PCs they owned in 2001, according to the seventh annual
survey of virus prevalence in the enterprise conducted by ICSA Labs, a
division of security services firm TruSecure.?
?The most common effect of a virus infection, reported by 70 percent
of respondents, was rendering a PC unavailable to the user, the study
found. Sixty-nine percent of respondents said that viruses had cost
productivity, while 37 percent reported loss of data due to viruses.?
Connected Corporation
http://www.de.connected.com/downloads/Items%20for%20Downloads/Facts%20and%20Figures%20on%20data%20protection_Q4_02.pdf
=========================================================
From a ZDNet Security News Article dated January 2004:
- ?Computer virus attacks cost global businesses an estimated $55
billion in damages in 2003, a sum that is expected to increase this
year.?
- ?Companies lost roughly $20 billion to $30 billion in 2002 from the
virus attacks, up from about $13 billion in 2001.?
- ?Spam will emerge as the key transmission vehicle for viruses in 2004.?
- ?Last year, there was almost one major virus attack every month.?
- ?Analysts said the number of attacks between January and June 2003
exceeded 70,000, which was about twice the rate for 2002.?
ZDNet
http://zdnet.com.com/2100-1105_2-5142144.html
Bugbear and SoBig virases were the worst, with about 70,000 attacks
launched against corporations between January and June 2003.
http://www.pulse24.com/Business/Top_Story/20040116-001/page.asp
=========================================================
?Computer pests can potentially stop an organization in its tracks. An
infection may cause a loss of computing power. Servers and
orkstations either slow down or quit responding. In addition, network
bandwidth and Internet connections (a primary means of communications
with other organizations), may slow so much that essential performance
is affected.?
http://www.hipaadvisory.com/action/secureqa/secure15.htm
=========================================================
ICSA Labs' 8th Annual Virus Prevalence Survey (March 2003)
http://www.icsalabs.com/2002avpsurvey/
Download the full survey: (56 pages)
- Page 23: Cost of the disaster in person/days
- Table 9 and figure 8 illustrate the cost in person days
- Page 25: Organization effects of viruses
- Figure 11: Effects of Viruses
http://www.trusecure.com/cgi-bin/download.cgi?ESCD=W0107&file=doc607.pdf
Key findings
http://infosecuritymag.techtarget.com/2003/apr/virussurvey.shtml
=========================================================
Antivirus software is only as good as its latest update.
- ?83 percent of the survey group said they use an antivirus
application, only 73 percent update their definition files regularly.?
PC World
http://www.pcworld.com/reviews/article/0,aid,112468,pg,3,00.asp
=========================================================
From Deloitte Touche Tohmatsu, 20 May, 2003, (26 pages)
2003 Global Security Survey
Topics surveyed include Security Governance, Investment, Value, Risk,
Responsiveness, Use of security technologies, Quality of Operations,
and Privacy.
- ?Financial services companies are spending approximately 6% of their
IT budgets on information security.?
- ?47% hired extra security staff compared with 2001.?
- ?Only 19% of respondents said they had reduced the number of IT
security staff, despite the slowdown in the economy.?
Download survey here:
http://www.deloitte.com/dtt/cda/doc/content/Global%20Security%20Survey%202003.pdf
=========================================================
From Internet Fraud Complaint Center (IFCC), 11 April, 2003 (23 pages)
- ?Instances of Internet fraud increased drastically in 2002 as compared to 2001.?
- ?Losses reported by victims totaled $54 million, versus $17 million
the year before, and complaints referred to law enforcement totaled
48,252, compared to 16,755 in 2001?
- ?Auction fraud and non-delivery of merchandise were to top two
reported crimes, with Credit and debit card fraud following them at
12%?
Internet Fraud Complaint Center
http://www1.ifccfbi.gov/strategy/2002_IFCCReport.pdf
=========================================================
TruSecure® Corporation, the leading provider of intelligent risk
management products and services provides the following white papers:
Virus Trends 2003 and prediction for 2004 (8 pages)
Date: December 29, 2003
This paper provides a wealth of statistics in the form of graphs,
charts and tables.
Download here:
https://www.trusecure.com/cgi-bin/download.cgi?file=wp_2004Virus.pdf&ESCD=W0152
2003/2004 Trends and Predictions in Network Security (12 pages)
Date: December 29, 2003
This paper provides plenty of statistics.
Download here:
https://www.trusecure.com/cgi-bin/download.cgi?ESCD=W0151&file=wp_2004Networks.pdf
=========================================================
From Information Security Magazine, 1 March 2003,
According to an Information Security survey of 518 senior security managers:
- ?Just over half (53%) of those surveyed said their information
security budgets would increase in 2003
- 16% said their budgets would increase by over 20%
- 30% said their budgets would remain flat in 2003
- 17% said their budgets would decrease?
Information Security Magazine
http://infosecuritymag.techtarget.com/2003/mar/cisosurvey.shtml
=========================================================
The CERT® Coordination Center is an excellent source for security statistics.
?Established in 1988, the CERT® Coordination Center (CERT/CC) is a
center of Internet security expertise, located at the Software
Engineering Institute, a federally funded research and development
center operated by Carnegie Mellon University.?
Statistics:
CERT/CC Statistics 1988-2003
Number of incidents reported
Vulnerabilities reported
Security alerts published
Security notes published
http://www.cert.org/stats/cert_stats.html
February 06, 2004 - Current Security Activity
http://www.cert.org/current/archive/2004/02/06/archive.html
Incidents
http://www.cert.org/incident_notes/
=========================================================
2003 CSI/FBI Computer Crime and Security Survey (21 pages)
?The Survey is conducted by CSI with the participation of the San
Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion
Squad.?
Free PDF copies of the full report is available.
To obtain your free copy of the full report, please fill out the form
http://www.gocsi.com/forms/fbi/pdf.jhtml
Or use this direct link
http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2003.pdf
Interesting charts provided in this report:
Page 5 - Security Technologies Used
Page 7 ? Incidents
Page 9 ? Sources of attacks
Page 10 - Types of Attack
Page 12 - Dollar Amount of Losses by Type
=========================================================
From MSN, March 27, 2003:
"ID theft costs banks $1 billion a year. Nearly 10,000 victims had
home loans - totaling about $300 million - taken out in their name in
2002 and another 68,000 had new credit cards issued in their name"
"While the FTC received 161,000 identity theft complaints last year,
the FBI estimates the actual number of victims is probably closer to
500,000"
MSN
http://msnbc.msn.com/id/3078480/
=========================================================
?What was the median cost to remediate the Blaster worm? $475,000
Remediation cost $475,000 per company (median average - including
hard, soft and productivity costs) with larger node-count companies
reporting losses up to $4,228,000.?
Source: TruSecure / ICSA labs
http://www.securityvolition.com/Docs/VolitionGazette-September03.pdf
Understanding Patch and Update Management: Microsoft?s Software Update Strategy
http://216.239.41.104/search?q=cache:ySMScn1qQGoJ:download.microsoft.com/download/e/2/9/e293b664-b4c6-4e7b-8823-0e9fa9d62dae/patch_management.doc+Statistics+patches+and+critical+updates+that+must+be+made+on+Windows-based+computers&hl=es&ie=UTF-8
=========================================================
Windows Updates are necessary to help prevent problems with viruses,
worms, etc. However, they should be used in combination with
constantly updated virus definitions, firewalls, parasite removal and
frequent backups of your important data. It takes a combination of all
of these to keep you, and your computer, happy and functional.
Tech Talk (10/03)
http://www.spcug.org/reviews/bl0310.htm
=========================================================
?During the August 2003 epidemic, wide publicity from Microsoft about
installing security patches to Windows 2000 and XP operating systems
helped to prevent more widespread damage. Computers with the latest
updates were not vulnerable.?
http://www.hipaadvisory.com/action/secureqa/secure15.htm
=========================================================
- ?The number of Windows XP updates since release of XP: 65; (at least
1/2 of those 65 corrected "security" problems) ?
- The Number of OS X (Jaguar updates) < 10 (3 were related to security).
- Total time spent installing windows XP Pro and updating it: 4 hours
and 18 minutes.
- Total time spent installing OS X. 45 minutes; time at computer: 6 minutes.?
http://www.billdugan.com/projects/macjust.html
=========================================================
From an article by Brian Livingston:
?It's obvious that IT professionals have been worn out by the
onslaught of Microsoft security bulletins. The company released 72
security updates last year?almost one every five days. Burnout is why
some 200,000 SQL Server systems were unpatched and wide open when the
Slammer worm struck in January, even though Microsoft had issued a
patch for the flaw six months earlier. Even Microsoft's servers hadn't
all been upgraded, allowing Slammer to take down many of the company's
hosts.?
?The crucial question is whether enterprise executives will devote a
certain number of person-days per month to test and distribute
whatever critical patches may come out. You should if Windows is your
platform.?
eWeek article: November 3, 2003
http://www.eweek.com/print_article/0,3048,a=111026,00.asp
=========================================================
?With all the viruses and worms wriggling around lately, there's more
interest than usual in running Windows Update.?
?Of course, enterprises don't have to rely on this inefficient
end-user service. Businesses can instead use Microsoft's official
Software Update Service and several third-party patch-management
services.?
?That leaves half a billion home PCs that are running unpatched,
insecure Windows installs. These machines are being infected left and
right.?
eWeek article: September 2003
http://www.eweek.com/article2/0,4149,1273260,00.asp
=========================================================
=========
DATA LOSS
=========
Data Recovery White Paper 003
Facts about Data Loss
- ?93% of companies that lost their data center for 10 days or more
due to a disaster filed for bankruptcy within one year of the
disaster. 50% of businesses that found themselves without data
management for this same time period filed for bankruptcy
immediately.? (Source: National Archives and Records Administration in
Washington.)
- ?Of those companies participating in the 2001 Cost of Downtime
Survey, 46% said each hour of downtime would cost their companies up
to $50,000, 28 percent said each hour would cost between $51,000 and
$250,000, 18 percent said each hour would cost between $251,000 and $1
million, 8 percent said it would cost their companies more than
$1million per hour.? (Source: 2001 Cost of Downtime Survey Results,
2001.)
- ?At what point does loss of data threaten the survival of a
business? 40% of companies in the Cost of Downtime Survey said 72
hours, 21% said 48 hours, 15% said 24 hours, 8% said 8 hours, 9% said
4 hours, 3% said 1 hour, 4% said within the hour.? (Source: 2001 Cost
of Downtime Survey Results, 2001.)
Figures:
Figure 1 ? Page 3
Causes of Lost Data and Frequency of Occurrence
Figure 2 ? Page 3
Impact of Lost Data ? Sector/revenue hour
Source Ontrak.com
http://www.ontrack.com/library/rdr_2003_whitepaper.pdf
Understanding Data Loss
http://www.ontrack.com/datarecovery/dataloss.asp
=========================================================
Key causes of data loss:
78% Hardware or System Malfunction
11% Human Error
7% Software Corruption or Program Malfunction
2% Computer Viruses
1% Natural Disasters
1% Other
http://www.ontrack.co.uk/datarecovery/dataloss.asp
=========================================================
A national Harris Interactive survey of 597 computer users conducted
for Imation, Corp., reveals:
- ?Nearly three out of five personal computer users have lost an
electronic file they thought they had sufficiently stored.?
- ?One in four users frequently back up digital files, even when 85
percent of computer users say they are very concerned about losing
important digital data. ?
- ?82 percent keep a hard copy of important documents they've also
saved electronically. ?
- ?Thirty-seven percent of the survey's respondents admitted to
backing up their files less than once per month.?
- ?Nine percent admitted they have never backed up their files.?.
- ?More than 22 percent said backing up information is on their to-do
list, but they seldom do it. ?
Among home computer users who backup information:
- ?68 percent save the things most important to them in multiple
places, the hard drive as well as removable media such as floppy disks
(79 percent) compact disks (CDs, 58 percent). ?
Reality Times
http://realtytimes.com/rtcpages/20020920_computing.htm
=========================================================
Imation Data Protection Survey Imation Data Protection Survey
Final Report August 11, 2003 (20 pages)
An online survey of IT managers and directors was conducted in the
continental United States. This report provides a great deal of
statistics in pie charts and graphs
Download the full report here:
http://www.imation.com/assets/NorthAmerica_Assets/AboutImation/PDF/IMN_DPSurvey_Results.pdf
Key Findings from the Imation Data Protection Survey
- ?30 percent of companies report that they still do not have a
disaster recovery program in place and two in three companies feel
their data backup and disaster recovery plans have significant
vulnerabilities. ?
- ?Eighty-seven percent of the companies report they have a formal
data backup and storage strategy in place and 79 percent of the
companies consider tape crucial for their long-term storage and
archiving. The survey also found that 85 percent of companies view
tape as an essential technology for disaster recovery, and 83 percent
cite that tape serves an important role in supporting more robust
record retention requirements in today?s increased regulatory
environment. ?
- ?The survey finds that for 61 percent of respondents, a
well-designed data backup and storage system uses both tape and disk,
taking advantage of the benefits of each technology. Moreover, 89
percent view tape as an essential technology for disaster recovery,
and 83 percent see tape as important for meeting regulatory
requirements for data retention. ?
- ?The survey found that 36 percent of IT departments changed their
backup and restore procedures and disaster recovery planning efforts
post 9/11. The most common changes include: establishing regular
testing procedures (56%) and moving data backup offsite (43%).
However, at least 30 percent of companies surveyed still operate
without a formal disaster recovery plan. ?
- ?Fifty-nine percent of companies polled test their data backup and
storage systems at least once a quarter. Conducting a regular external
audit of backup and restore systems is far from a common practice ?
only 32 percent report conducting an external audit.?
Imation
http://www.imation.com/en_US/main.jhtml?Id=71_01_02
=========================================================
Data Loss Statistics
How much will data loss affect you?
Pie charts and statistics are provided in this article.
http://www.adrdatarecovery.com/content/adr_loss_stat.html
=========================================================
Some statistics about U.S. data loss
?Six percent of all PCs will suffer an episode of data loss in any
given year. Given the number of PCs used in US businesses in 1998,
that translates to approximately 4.6 million data loss episodes.? (The
Cost Of Lost Data, David M. Smith)
?30 percent of all businesses that have a major fire go out of
business within a year. Seventy percent fail within five years.? (Home
Office Computing Magazine)
?93% of companies that lost their data center for 10 days or more due
to a disaster filed for bankruptcy within one year of the disaster.?
?50% of businesses that found themselves without data management for
this same time period filed for bankruptcy immediately.? (National
Archives & Records Administration in Washington)
?Companies that aren't able to resume operations within ten days (of a
disaster hit) are not likely to survive.? (Strategic Research
Institute)
Boson Computing
http://www.bostoncomputing.net/consultation/databackup/statistics/
=========================================================
CERT/CC Overview Incident and Vulnerability Trends
May 15, 2003
Covers trends in information security from 1998 to present.
Table of Contents
- CERT/CC Overview
- Internet Security Overview
- Types of Intruder Attacks
- Current Vulnerabilities and Attack Methods
- Site Security Policies
- Site Incident Response
http://www.cert.org/present/cert-overview-trends/
Download Zip file containing all the modules from this link:
http://www.cert.org/present/cert-overview-trends/cert-trends-modules.zip
=========================================================
Search terms used in different combinations:
computer security, data loss, statistics, Microsoft updates, patches
critical updates, trends, computer viruses, impact, costs, surveys,
polls, backups,
I hope you find this information helpful for your research project.
Best regards,
Bobbie7 |
Clarification of Answer by
bobbie7-ga
on
07 Feb 2004 20:52 PST
Dear Prpro,
Below you will find two excellent publications and additional articles
that provide a wealth of security statistics regarding the average
consumer.
=========================================================
Fast and Present Danger: In-Home Study on Broadband Security among
American Consumers (37 pages)
This study was conducted for the National Cyber Security Alliance by
America Online, Inc. May 2003
?The purpose of this study was to explore broadband consumer
perceptions of their online security and compare those perceptions to
the actual security protections of their current computer
configuration and Internet connection. Factors examined in the course
of the study included subject awareness and comprehension of online
security issues, steps the subjects believed they were taking to
protect themselves, and the effectiveness of any currently
implemented security measures on the subjects? computers.?
You may download the full study here:
http://www.staysafeonline.info/press/060403.pdf
- ?91% of Broadband Users Have Spyware Lurking on Home Computers
- 97% of Broadband Parents Do Not Use Parental Controls
- 67% of Users Do Not Have Properly and Securely Configured Firewalls
- 62% Do Not Regularly Update Anti-Virus Software
- Despite Vulnerabilities, 86% Keep Sensitive Information on Home Computer?
Key findings:
?Consumers use their computers to store private and sensitive information?
- ?86% say they keep sensitive health, financial, or personal
information on their home computer.
- 79% say they use their home computer to conduct sensitive financial
or medical transactions on the Internet.
- 48% have children under 18 in the household with access to the computer.?
?Consumers believe they have taken adequate steps to protect themselves?
- ?86% say the feel their computer is very or somewhat protected from
online threats.
- 78% say they feel their computer is very or somewhat protected from
viruses and Trojan Horse programs.
- 77% say they feel their computer is very or somewhat protected from hackers.?
? Despite that false sense of security, consumers are not protected ?
- ?91% of users have intrusion software (frequently referred to as
"spyware" or "sneakware") on their home computers, much of it placed
surreptitiously by music or file sharing programs. Despite heavy use
of those programs, 94% of users do not know that spyware is often
bundled with file sharing programs.?
- ?97% of parents with broadband connections do not use parental
controls to keep their children safer from inappropriate content and
contact with strangers on the Internet.?
- ?Although 76% have some kind of anti-virus software computer, only
half of that group has updated their software in the past month. With
250 new viruses released each month, 62% of all broadband users are
thus significantly vulnerable.?
- ?41% of users lack any kind of firewall whatsoever, leaving their
computer wide open to attack from the Internet.
- Only 33% have a properly configured and secure firewall, meaning two
out of every three broadband homes are not secure?
The National Cyber Security Alliance: JUNE 4, 2003
http://www.staysafeonline.info/press/060403.adp
=========================================================
Internet Security Study about computer safety and security awareness.
conducted by Digital Marketing Services (DMS)(38 pages)
According to this Internet Security Study:
- ?40% of computer users have been infected by a virus.
- 17% of computer users do not have anti-virus software.
- 75% of computer users either don't have or don't update their
anti-virus software on a regular basis.?
This publication provides 38 pages of graphs, charts and statistics.
You may download it here:
http://www.staysafeonline.info/press/Security_Report_8.02.pdf
=========================================================
?38% of the people surveyed used the anti-virus software properly; 3%
of those living with children employed parental control, and 33%
effectively implemented a firewall. In all, only 11% of the 120
participants safeguarded their computers against attacks.?
Forbes.com
http://www.forbes.com/2003/06/13/cx_mb_0613tentech.html
=========================================================
?Despite red-alert headlines about hackers, worms and viruses, and
despite the threat of identity theft and misappropriation of personal
data , many home computer users have yet to invest in the first line
of defense against external attacks: a firewall .?
"Currently, only about 55 percent of antivirus customers have a
firewall installed," James Schmidt, product manager for the McAfee
Personal Firewall (MPF) product at McAfee Security, told the
E-Commerce Times. This figure is troubling, considering that it takes
into account only people who already have purchased antivirus
software. In other words, these are the people who are concerned about
Internet security. Statistics among the larger population of all
Internet users likely are far more dismal.?
ECT News Network: October 2003
http://www.crmbuyer.com/perl/story/31889.html
=========================================================
Securing Your PC: You're On Your Own
Microsoft doesn't make it easy for you to keep hackers out, but there
are measures you can take
?Every Windows XP desktop and laptop ships with a hidden account
called Administrator that either has no password or a password common
to all computers from a manufacturer -- which means the bad guys
probably know what it is. Anyone with physical access to the PC has a
good chance of gaining complete control of the computer.?
?Most people are inclined to ignore these issues, especially on home
PCs, figuring their security needs are minimal. For computers that use
only dial-up accounts to reach the Internet or corporate networks, the
risk is indeed very small. Unprotected PCs on broadband connections
are another story.?
?Microsoft has no immediate plans to make it easy for individual users
to secure their PCs.?
(..)
?You should lock down those accounts that Microsoft sloppily left
exposed. Open the User Accounts control panel and select "change
account" to set a password for every account.?
BusinessWeek Online: May 26, 2003
http://www.businessweek.com/magazine/content/03_21/b3834047.htm
=========================================================
?If you don?t take an active part in securing your home network, then
you?re at risk. Don?t dismiss the likelihood of a stranger accessing
your computers. If you have a high- speed connection to the Internet,
then you?re probably scanned for common vulnerabilities much more
frequently than you would expect.?
?A poorly configured Windows box running file and print sharing
without a password was accessed in less than 24 hours. The risk is far
more prevalent than you would probably expect; on average, 5-10 scans
come across daily looking for easily exploitable services. The most
common scan that we found was on port 1080--attackers looking for an
improperly configured proxy that can be used to steal a victim?s
network identity.?
http://networking.earthweb.com/netsecur/article.php/624471
=========================================================
?The virus outbreaks of 2002 were less dramatic than the Code Red and
Nimda scares of 2001. But this year's trends are very clear: The new
target is the home user.?
?On the home front users are transmitting viruses at an epic pace.?
?According to security firm MessageLabs, one out of every 212 email
messages in 2002 contained a virus. That rate is up from 2001, when
only one in 380 email messages contained a virus.?
?MessageLabs confirms that Klez was the No. 1 virus of 2002.?
?Peer-to-peer file sharing services, especially KaZaA, were targeted
more and more throughout the year. The Benjamin, Backdoor.K0wbot,
Lolol, and Duload worms infected computers and then renamed themselves
as enticing downloads. Once downloaded, they started the infection
process all over again.?
?Another trend late in 2002 was e-greetings loaded with malicious
code. Three specific threats gave email users varying degrees of
annoyance. One popped porn up on users' desktops. Another raided their
Outlook address books for email addresses to add to a spam database.
Yet another installed spyware on people's computers.?
techtv
http://www.techtv.com/news/securityalert/story/0,24195,3412680,00.html
=========================================================
Pop-ups Plague PC Users
Commercial malware is now more prevalent on PCs than the viruses,
trojans and worms.
This produces: computer slowdowns, program crashes, mysterious
software modules loading automatically, and scads of windows popping
up constantly.
?Commercial malware may be mass-mailed and embedded in spam, and
installs itself when the recipient opens an attachment. A fair number
of music files offered by individuals on peer-to-peer networks are
delicately laced with malware. The worst offenders use drive-by
downloads, exploiting a flaw in Windows security that can put software
onto PCs when it contacts specially programmed Web sites.?
Computer Cops
http://computercops.biz/article3509.html
=========================================================
Home User Security: Your First Defense
by Sarah Granger
http://www.securityfocus.com/infocus/1746
=========================================================
Home Network Security
?This document gives home users an overview of the security risks and
countermeasures associated with Internet connectivity, especially in
the context of ?always-on? or broadband access services (such as cable
modems and DSL). However, much of the content is also relevant to
traditional dial-up users (users who connect to the Internet using a
modem).?
http://www.cert.org/tech_tips/home_networks.html
=========================================================
I hope you find this additional information helpful!
Sincerely,
Bobbie7
|
