• No results found

Computer Crime & Security Survey

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Computer Crime & Security Survey"

Copied!
15
0
0

Loading.... (view fulltext now)

Download now ( 15 Page )

Full text

(1)

4

4

th

th

Japan & US

Japan & US

Computer Crime & Security Survey

Computer Crime & Security Survey

Katsuya Uchida

Professor, Ph. D.

Institute of Information Security

[email protected]

(2)

Respondents by Number of Employees

15% 13% 22% 20% 40%43% 14% 14% 26% 27% 12%15% 17% 15% 26% 23% 2% 2% 25% 27% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 1 ~ 99 100 ~ 499 500 ~ 1499 1,500 ~ 9,999 10,000 or more Japan: 2007(4th) 783 2006(3rd) 1,002 CSI: 2006 614 2005 549

(3)

Respondents by Industry Sector

Respondents: CSI: 2006=615, 2005= 699 Japan: 2007=782, 2006=1,004

6%

6%

Others

19%

11%

Others

0%

0%

Utilities

-14%

Consulting

1%

1%

High-tech

1%

1%

Legal

1%

1%

Medical / Welfare

1%

1%

Retail

1%

1%

Food / Hotel

1%

1%

Transportation

2%

2%

Real estate

2%

3%

Local Government

2%

3%

Financial

4%

3%

Utilities

3%

3%

Transportation

4%

4%

Telecommunication

5%

3%

Complex retail

5%

3%

State Government

7%

7%

Telecommunication

6%

8%

Educational

8%

7%

Construction

7%

7%

Medical

5%

13%

Government

9%

8%

Federal Government

12%

13%

Educational

9%

9%

Manufacturing

14%

15%

Retail

15%

11%

High-Tech/Info. Tech

34%

27%

Manufacturing

17%

17%

Financial

2006

2007

Industry Sector

2005

2006

Industry Sector

JAPAN

C S I

(4)

Respondents by Job Description

0% 10% 20% 30% 40% 50% 60% Systems Admin Sec Offic e r/ Mgr/Directr CIO CEO CISO CSO Oth er s

Respondents: CSI: 2006=615, 2005= 690 Japan: 2007=739, 2006=1,004 Japan: 2007(4th) 739 2006(3rd) 1,004 CSI: 2006 614 2005 690 44% 52% 12% 7% 16% 19% 23%26% 2%1% 8% 6% 35% 1%1% 8% 7% 1% 1% 13%13% 0%1% 6% 5% 35% 26% 32%

(5)

Respondents: Japan: 2007=781 2006=1,004

Number of PCs

1 % 1 % 1 8 % 1 6 % 5 3 % 5 7 % 2 8 % 2 6 % 0 % 1 0 % 2 0 % 3 0 % 4 0 % 5 0 % 6 0 % Le ss t h an 1 0 1 1 - 9 9 1 0 0 - 9 9 9 M o r e t h an 1 , 0 0 0 Japan: 2007(4th) 781 2006(3rd) 1,004

(6)

Percentage of IT Budget Spent on Security

0%

5%

10%

15%

20%

25%

30%

Less than

1%

1-2%

3-5%

6-7%

8-10%

More than

10%

Unknown

Respondents: CSI: 2006=613, 2005= 690 Japan: 2007=752, 2006=964 Japan: 2007(4th) 752 2006(3rd) 964 CSI: 2006 613 2005 690 10% 15%16% 21% 11% 14% 16% 26% 24% 16% 18% 6% 24% 4% 6% 11% 8% 11% 9% 15% 11% 13% 1113%% 8% 27% 23% 12%

(7)

Percentage of Organizations

Using ROI, NPV and IRR Metrics

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

ROI

NPV

IR R

Others

Unknown

Non

Japan: 2007(4th) 760 2006(3rd) 980 CSI: 2006 512 2005 599

Respondents: CSI: 2006=512, 2005= 599 Japan: 2007=760, 2006=980

91% 2% 1% 42% 38% 1% 0.3% 19% 18% 0%0.4 % 21%19% 4% 7% 10% 87%

(8)

Organizations with External

Insurance Against Cybersecurity Risks

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Insurance

No Insurance

Respondents: CSI: 2006=571, 2005= 652 Japan: 2007=767, 2006=997 Japan: 2007(4th) 767 2006(3rd) 997 CSI: 2006 571 2005 652 11% 8% 29% 25% 89% 92% 71% 75%

(9)

Organizations Conducting Security Audits

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% Interna l Ex terna l N on

Respondents: CSI: 2006=597 Japan: 2007=771, 2006=995 Japan: 2007(4th) 771 2006(3rd) 995 CSI: 2006 597 38% 29% 82% 22% 16% 62% 54% 62%

(10)

Percentage of Security Function Outsourced

0 % 1 0 % 2 0 % 3 0 % 4 0 % 5 0 % 6 0 % 7 0 % Non e 1 - 2 0 % 2 1 - 4 0 % 4 1 - 6 0 % 6 1 - 8 0 % 8 1 - 1 0 0 % Respondents: CSI: 2006=609, 2005= 682 Japan: 2007=735, 2006=923

Japan: 2007(4th) 735 2006(3rd) 923 CSI: 2006 609 2005 682 51% 54% 61%63% 21%22% 27%26% 5% 5% 6% 6% 7% 6% 4% 2% 5% 5% 1% 2% 11% 8% 1% 0%

(11)

Security Technologies Used

-31%

Endpoint security clinent software

-2% 38% Forensics tools -17% 39% Application-level Firewall 10% 15% 35% 43%

Intrusion Prevention System : IPS

-12%

32% Specialized wireless security system

32% 35%

68% 63%

Encryption for data in transit

37% 41%

Log Management Software

47% 79% Anti-Spyware 83% 82% 52% 46%

Reusable account/login passwords

4% 20% 36% 38% 48% 69% 70% 98% 97% 2006 4% 9% 9% 8% 18% 19% 24% 69% 92% 95% 2007 JPN CSI 5% -Others 9% 15% Biometrics 10% 35%

Public Key Infrastructure

11% One time passwords

15% 42%

Smart cards/Other one-time password tokens

27% 46%

Encryption for data in Storage

21% 72%

Intrusion Detection System : IDS

75% 70%

Server-based Access Control Lists

91% 97% Firewall 94% 96% Anti-Virus Software 2006 2005

(12)

Unauthorized Use of Computer Systems

within the Last 12 Months

0 % 1 0 % 2 0 % 3 0 % 4 0 % 5 0 % 6 0 % 7 0 % 8 0 % Y e s No Do n ' t kn o w

Respondents: CSI: 2006=616, 2005=693 Japan: 2007=759, 2006=984 12% 3% 5% 52% 57% 77% 71% 38% 31% 19% 24 % 10% Japan: 2007(4th) 759 2006(3rd) 984 CSI: 2006 616 2005 693

(13)

Types of Attacks or Misuse

Detected in the Last 12 Months

2 % 4 % -Other 0 % 11 1 % 48 % 10 8 % Telecom fraud 13 12 10 9 8 7 6 5 4 3 2 1 11 9 7 13 8 6 12 4 5 3 2 1 Japan C S I 2006 2007 2005 2006 43 % 0 % 2 % 2 % 3 % 4 % 5 % 5 % 14 % 22 % 30 % 84 % -6 % 9 % 14 % 3 % 9 % 15 % 6 % 32 % 25% 42% 47% 65% 23 % -No attack / Misuse 3 % 5 %

Misuse of Public Web Application

0 %

7 %

Financial fraud

3 %

16 %

Abuse of Wireless Network

1 %

7 %

Sabotage

2 %

2 %

Theft of Proprietary Information

4 %

10 %

System Penetration

-5 %

Web Site Defacement

5 %

32 %

Unauthorized access to Information

11 %

48 %

Denial of Service

18 %

9 %

Insider Abuse of Net Access

23 % 75 % Laptop/Mobile Theft 67 % 32 % Virus

Note: Percentages of CSI 2005 is calculated from Fig. 14 in 2005 CSI/FBI survey

(14)

How Many Incidents?

From the Outside? From the Inside?

-28% 9% 15% 48% 2006 9 % 10 % 12 % 12 % 35 % 44 % Don’t Know 41 % 1 % 3 % 4 % 42 % 2006 56 % 1 % 2 % 2 % 30 % 2007 Outside 52 % 1 % 1 % 3 % 31 % 2006 65 % 0 % 1 % 3 % 19 % 2007 Inside Japan -8 % 10 % 47 % 2005 Outside -3 % 7 % 46 % 2005 Inside CSI None 31 -11 – 30 6 – 10 1 - 5

(15)

Dollar Amount Losses by Type

12,100 -2,227,500 14 269,500 Misuse of public Web App

53,335 21,581 203,606 167,713 Avarage of Losses/Resp 11,520,541 5,308,928 130,104,542 52,494,290 Total Losses 1,231,160 113,800 885,000 Other -17 160 -13 291,510 Instant Msg misuse -16 360 -18 90,100 Exploit of DNS Server 11,300 15 1,160 544,700 12 469,010 Abuse of wireless net

-14 5,010 -11 647,510 Phishing in which your org.

-13 17,460 -17 161,210 Password sniffing 12,200 12 20,160 340,600 15 260,000 Sabotage 38,585 11 27,552 115,000 16 162,500 Web site defacement

64,310 10 35,260 841,400 10 758,000 System Penetration 50,000 9 100,160 2,565,000 6 2,556,900 Financial Fraud -8 108,860 -9 923,700 Bots within the organ.

258,132 7 140,202 7,310,725 5 2,922,000 Denial of Service 213,200 6 222,637 31,233,100 2 10,617,000 Unauthorized Access 579,987 5 224,178 6,856,450 7 1,849,810 Insider Net Abuse

230,382 4 229,260 30,933,000 4 6,034,000 Theft of proprietary Info

20,000 3 509,960 242,000 8 1,262,410 Telecom Fraud 3,769,338 2 636,707 4,107,300 3 6,642,660 Laptop Theft 5,029,847 1 2,916,042 42,787,767 1 15,691,460 Virus 2006 2007 2005 2006 Japan CSI Unit: $(=¥100)

References

Download now ( PDF - 15 Page - 112.49 KB )

Related documents

History Department, Trent University. HIST 1702H World History from Winter Term. UOIT/Durham North Campus.

By the end of this course, students should be able to define, describe, and analyse important themes in world history and understand the basic conventions for analysing

Team Leader: Marco Gatti, Principal Evaluation Specialist ( Contact:

Nepal’s Country Partnership Strategy (CPS), 1 covering the period 2010–2012, was designed to support the country's peace and development aspirations by promoting four pillars:

The Sacramento Recorder Society

It is a chapter of the American Recorder Society and an affili- ate of the San Francisco Early Music Soci- ety. We welcome recorder players of all ages and abilities as well

Power quality measurement and active harmonic power in 25 kV 50 Hz AC railway systems

Based on the power analysis performed on 12 train journey recordings, evidence of non-negligible harmonic energy is provided to support the recommendation that future rail

An Overview of the Smart Grid in Great Britain

Various actors are involved in the development of the smart grid in GB, including the government (Department of Energy and Climate Change, DECC), a national regulatory authority

furnishings flammability characteristics

Flammability tests were conducted on pure Ingeo fiber or on fabrics made from Ingeo fibers, without any FR treatment, to evaluate ignition characteristics, flame

Metals: Steel Cans & Scrap

Obsolete scrap made up an estimated 46 percent (32.2 million metric tons) of the total scrap recovered. The 1.7 million tons of steel cans recovered through recycling represents

'Nursing Hours' or 'nursing' hours - a discourse analysis

I illustrate how the discursive practices of „flexibility‟ govern nursing practice within the context of the hospital‟s market position using Foucault‟s (1972) archaeology to