Tuesday, January 17, 2006

PGP Corporation CTO on Insider Threats and CSI "survey"

Here is another curious bit on insider (aka "internal") attacks vs external attacks.

PGP Corporation - Library - CTO Corner - Insider Threats: "For example, the 2005 CSI/FBI Computer Crime and Security Survey tells us that 80% of respondents reported security incidents involving insider abuse in 2004 (up from 64% in 2003). Sounds bad, doesn't it? But if you think about it, this is precisely what you'd see if there were an improvement in perimeter defenses. There would be a higher proportion of insider attacks. (I also note that the actual rate of estimated insider problems hasn't changed since the dot-com days.)"

So, we are pretty much assured that the percentage of "insider attacks" will grow in the coming years without really growing in number (and possibly even shrinking, just slower than "external threats"). In addition, limitations in reporting (and even measuring) such attacks will skew the numbers significantly in whatever direction.

On the other hand, I just mailed my copy of the CSI 2006 survey. OMG! No wonder this "most quoted survey" produces near-random results with such high reliability :-) Several terms and questions were so poorly defined that giving any semblance of a "correct" answer is next to impossible.

Dr Anton Chuvakin