Information Security Risk Briefing May 2, 2005. William Harrod VP Intelligence Division Cybertrust William.Harrod@cybertrust.com. Agenda. Welcome & True Confessions Who is Cybertrust? PITAC Report What is wrong with our thinking? Risk Models That Work Good Data.
Information Security Risk Briefing May 2, 2005
VP Intelligence Division
Monthly Intelligence Activities
2.5 million internal IP address scans
Thousands of IPs Penetration Tested
1.2 million lines of security code analyzed
Online Guardian Hundreds of millions of security events analyzed and correlated
1.2 million remote IP address scans
Tracks thousands of sources daily
400 Usenet groups followed
Hundreds of Internet malware sensors watched
200 GBs Web data collected and analyzed
IS/Recon - 10,000 hackers tracked
Tracks malcode in the wild
10,000 Web sites monitored
Daily Intelligence Activities
According to a study just published by Zone-H, ATTACKS against Corporate Servers rose by 36% in 2004 to nearly 400,000 attacks.
Daily rate of successful web site hacks
2004 Web Site defacement trends by OS:
Often a reconnaissance or fingerprinting of active devices in order to assemble a target list for hacking vulnerable devices
Spam, Spyware, Worms, Virus, Phishing, Extortion, Scams…
About a dozen computers somewhere in your organization encountered a computer virus, worm, or spyware.
Three people scrounged through desks and drawers looking for someone else’s password. One of them succeeded and used it.
On average six sexually explicit graphics were mailed or shared among some of your users in the past week. There is a 50-50 chance that some of these are stored on your network.
At least one person experimented with a “hacking” tool or technique on the general computers, servers, and databases inside your network in the past month.
Despite all the press and focus on hacking and viruses, there is a 65% likelihood that the next security breach your staff deals with will come from an insider.
Statistics provided by ICSA Labs