Statistics Pertaining to Data Loss, Computer Crimes, and General Computer Security Issues.
-
6% of all PCs will suffer an
episode of data loss in any given year. Given the number
of PCs used in US businesses in 1998, that translates to
approximately 4.6 million data loss episodes. At a
conservative estimate, data loss cost US businesses
$11.8 billion in 1998. (The Cost Of Lost Data, David M.
Smith)
-
30% of all businesses that have a
major fire go out of business within a year. 70% fail
within five years. (Home Office Computing Magazine)
-
31% of PC users have lost all of
their files due to events beyond their control.
-
34% of companies fail to test their
tape backups, and of those that do, 77% have found tape
back-up failures.
-
60% of companies that lose their
data will shut down within 6 months of the disaster.
-
93% of companies that lost their
data center for 10 days or more due to a disaster filed
for bankruptcy within one year of the disaster. 50% of
businesses that found themselves without data management
for this same time period filed for bankruptcy
immediately. (National Archives & Records Administration
in Washington)
-
American business lost more than
$7.6 billion as a result of viruses during first six
months of 1999. (Research by Computer Economics)
-
Companies that aren't able to
resume operations within ten days (of a disaster hit)
aren't likely to survive. (Strategic Research Institute)
-
Simple drive recovery can cost
upwards of $7,500 and success is not guaranteed
-
With its ability to most quickly
and efficiently perform backup and recovery, online
backup is responding to the demands of today’s
businesses in these uncertain times.
-
Lawyer’s Weekly, the nation’s top
source of legal information for practicing attorneys,
has used online backup for years to protect their data.
"My feeling is that you're only as good as your last
backup. Our company has many remote locations without
systems administrators. As a result, we really have come
to depend on online backup as a means of assuring that
our backups are done on a daily basis at these sites,"
said Tom Bannister, Systems Manager, Lawyer’s Weekly.
-
The recent SQL Slammer virus, in
January 2003, was a prime example of why contingency
planning must change to keep up with
technology-dependent businesses. Although SQL Slammer
could have carried a more damaging payload, it
brought down 13,000 ATM machines at Bank of America,
making it impossible for customers to withdraw cash for
an entire weekend, and reportedly caused widespread
damage at HP and even Microsoft itself. The disaster
recovery and business continuity planning industry was
forced to take notice.
-
Online backup is actually more
secure than storing unencrypted data tapes in a remote
vault.
-
File corruption and data loss are
becoming much more common, although loss of productivity
continues to be the major cost associated with a virus
disaster. (Source: 7th Annual ICSA Lab's Virus
Prevalence Survey, March 2002.)
-
The average company spends between
$100,000 and $1,000,000 in total ramifications per year
for desktop-oriented disasters (both hard and soft
costs.) (Source: 7th Annual ICSA Lab's Virus Prevalence
Survey, March 2002.)
-
In addition to being more
prevalent, computer viruses were more costly, more
destructive, and caused more real damage to data and
systems than in the past. (Source: 7th Annual ICSA Lab's
Virus Prevalence Survey, March 2002.)
-
Of those companies participating in
the 2001 Cost of Downtime Survey: 46% said each hour of
downtime would cost their companies up to $50k, 28% said
each hour would cost between $51K and $250K, 18% said
each hour would cost between $251K and $1 million, 8%
said it would cost their companies more than $1million
per hour. (Source: 2001 Cost of Downtime Survey Results,
2001.)
-
At what point is the survival of
your company at risk? 40% said 72 hours, 21% said 48
hours, 15% said 24 hours, 8% said 8 hours, 9% said 4
hours, 3% said 1 hour, 4% said within the hour. (Source:
2001 Cost of Downtime Survey Results, 2001.)
-
The reality of living in this time
of technological innovation is that the power to run
these machines can't keep up (at least not yet). In many
locations around the world, electricity generation,
transmission and distribution have not evolved at the
same pace as computer and communications equipment. What
was built years ago for powering factories producing
manufactured goods is struggling to adapt to provide
continuous, sufficient-grade power to sensitive
electronics processing valuable information. http://www.apc.com/power/problems.cfm
=========
DATA LOSS
=========
Data Recovery White Paper 003
Facts about Data Loss
“93% of companies that lost their data center for 10 days or more due to
a disaster filed for bankruptcy within one year of the disaster. 50% of
businesses that found themselves without data management for this same
time period filed for bankruptcy immediately.” (Source: National
Archives and Records Administration in Washington.)
Of those companies participating in the 2001 Cost of Downtime Survey:
-
46% said each hour of downtime
would cost their companies up to $50,000
-
28 percent said each hour would
cost between $51,000 and $250,000
-
18 percent said each hour would
cost between $251,000 and $1million
-
8 percent said it would cost their
companies more than $1million per hour
(Source: 2001 Cost of Downtime Survey Results, 2001.)
At what point does loss of data threaten the survival of a business?
(Source: 2001 Cost of Downtime Survey Results, 2001.)
Figures:
Figure 1 – Page 3
Causes of Lost Data and Frequency of Occurrence
Figure 2 – Page 3
Impact of Lost Data – Sector/revenue hour
Source: Ontrack.com
http://www.ontrack.com/library/rdr_2003_whitepaper.pdf
Understanding Data Loss
http://www.ontrack.com/datarecovery/dataloss.asp
=============================
Key causes of data loss:
http://www.ontrack.co.uk/datarecovery/dataloss.asp
=================================
A national Harris Interactive survey of 597 computer users conducted for
Imation, Corp., reveals:
-
“Nearly three out of five personal
computer users have lost an electronic file they thought
they had sufficiently stored.”
-
“One in four users frequently back
up digital files, even when 85 percent of computer users
say they are very concerned about losing important
digital data.
-
“82 percent keep a hard copy of
important documents they've also saved electronically”
-
“Thirty-seven percent of the
survey's respondents admitted to backing up their files
less than once per month.”
-
"Nine percent admitted they have
never backed up their files”
-
“More than 22 percent said backing
up information is on their to-do list, but they seldom
do it. “
-
Among home computer users who
backup information:
-
“68 percent save the things most
important to them in multiple places, the hard drive as
well as removable media such as floppy disks (79
percent) compact disks (CDs, 58 percent). “
Realty Times
http://realtytimes.com/rtcpages/20020920_computing.htm
=================================
Imation Data Protection Survey Final
Report August 11, 2003 (20 pages)
An online survey of IT managers and directors was conducted in the
continental United States. This report provides a great deal of
statistics in pie charts and graphs
Download the full report here:
http://www.imation.com/assets/NorthAmerica_Assets/AboutImation/PDF/IMN_DPSurvey_Results.pdf
Key Findings from the Imation Data Protection Survey
-
“30 percent of companies report
that they still do not have a disaster recovery program
in place and two in three companies feel their data
backup and disaster recovery plans have significant
vulnerabilities. "
-
“Eighty-seven percent of the
companies report they have a formal data backup and
storage strategy in place and 79 percent of the
companies consider tape crucial for their long-term
storage and archiving. The survey also found that 85
percent of companies view tape as an essential
technology for disaster recovery, and 83 percent cite
that tape serves an important role in supporting more
robust record retention requirements in today’s
increased regulatory environment. “
-
“The survey finds that for 61
percent of respondents, a well-designed data backup and
storage system uses both tape and disk, taking advantage
of the benefits of each technology. Moreover, 89 percent
view tape as an essential technology for disaster
recovery, and 83 percent see tape as important for
meeting regulatory requirements for data retention. “
-
"The survey found that 36 percent
of IT departments changed their backup and restore
procedures and disaster recovery planning efforts post
9/11. The most common changes include: establishing
regular testing procedures (56%) and moving data backup
offsite (43%). However, at least 30 percent of companies
surveyed still operate without a formal disaster
recovery plan. “
-
“Fifty-nine percent of companies
polled test their data backup and storage systems at
least once a quarter. Conducting a regular external
audit of backup and restore systems is far from a common
practice – only 32 percent report conducting an external
audit.“
Imation
http://www.imation.com/en_US/main.jhtml?Id=71_01_02
===============================
Data Loss Statistics
How much will data loss affect you?
Pie charts and statistics are provided in this article.
http://www.adrdatarecovery.com/content/adr_loss_stat.html
===============================
Some statistics about U.S. data loss
-
“Six percent of all PCs will suffer
an episode of data loss in any given year. Given the
number of PCs used in US businesses in 1998, that
translates to approximately 4.6 million data loss
episodes.”
-
(The Cost Of Lost Data, David M.
Smith)
-
“30 percent of all businesses that
have a major fire go out of business within a year.
Seventy percent fail within five years.”
-
(Home Office Computing Magazine)
-
“93% of companies that lost their
data center for 10 days or more due to a disaster filed
for bankruptcy within one year of the disaster and 50%
of businesses that found themselves without data
management for this same time period filed for
bankruptcy immediately.”
-
(National Archives & Records
Administration in Washington)
-
“Companies that aren't able to
resume operations within ten days (of a disaster hit)
are not likely to survive.” (Strategic Research
Institute)
Boston Computing
http://www.bostoncomputing.net/consultation/databackup/statistics/
================================
CERT/CC Overview Incident and Vulnerability Trends
May 15, 2003
Covers trends in information security from 1998 to present.
Table of Contents
- CERT/CC Overview
- Internet Security Overview
- Types of Intruder Attacks
- Current Vulnerabilities and Attack Methods
- Site Security Policies
- Site Incident Response
http://www.cert.org/present/cert-overview-trends/
Download Zip file containing all the modules from this link:
http://www.cert.org/present/cert-overview-trends/cert-trends-modules.zip
=========================
Below you will find two excellent publications and additional articles
that provide a wealth of security statistics regarding the average
consumer.
==========================
Fast and Present Danger: In-Home Study on Broadband Security among
American Consumers (37 pages)
This study was conducted for the National Cyber Security Alliance by
America Online, Inc. May 2003
“The purpose of this study was to explore broadband consumer perceptions
of their online security and compare those perceptions to the actual
security protections of their current computer configuration and
Internet connection. Factors examined in the course of the study
included subject awareness and comprehension of online security issues,
steps the subjects believed they were taking to protect themselves, and
the effectiveness of any currently implemented security measures on the
subjects’ computers.”
You may download the full study here:
http://www.staysafeonline.info/press/060403.pdf
-
“91% of Broadband Users Have
Spyware Lurking on Home Computers
-
97% of Broadband Parents Do Not Use
Parental Controls
-
67% of Users Do Not Have Properly
and Securely Configured Firewalls
-
62% Do Not Regularly Update
Anti-Virus Software
-
Despite Vulnerabilities, 86% Keep
Sensitive Information on Home Computer”
Key findings:
-
“Consumers use their computers to
store private and sensitive information”
-
“86% say they keep sensitive
health, financial, or personal information on their home
computer.
-
79% say they use their home
computer to conduct sensitive financial or medical
transactions on the Internet.
-
48% have children under 18 in the
household with access to the computer.”
-
“Consumers believe they have taken
adequate steps to protect themselves”
-
“86% say they feel their computer is
very or somewhat protected from online threats.
-
78% say they feel their computer is
very or somewhat protected from viruses and Trojan Horse
programs.
-
77% say they feel their computer is
very or somewhat protected from hackers.”
-
“Despite that false sense of
security, consumers are not protected “
-
“91% of users have intrusion
software (frequently referred to as "spyware" or "sneakware")
on their home computers, much of it placed
surreptitiously by music or file sharing programs.
Despite heavy use of those programs, 94% of users do not
know that spyware is often bundled with file sharing
programs.”
-
“97% of parents with broadband
connections do not use parental controls to keep their
children safer from inappropriate content and contact
with strangers on the Internet.”
-
“Although 76% have some kind of
anti-virus software computer, only half of that group
has updated their software in the past month. With 250
new viruses released each month, 62% of all broadband
users are thus significantly vulnerable.”
-
“41% of users lack any kind of
firewall whatsoever, leaving their computer wide open to
attack from the Internet.
-
"Only 33% have a properly
configured and secure firewall, meaning two out of every
three broadband homes are not secure”
The National Cyber Security Alliance: JUNE 4, 2003
http://www.staysafeonline.info/press/060403.adp
=============================
Internet Security Study about computer safety and security awareness.
Conducted by Digital Marketing Services (DMS)(38 pages)
According to this Internet Security Study:
-
“40% of computer users have been
infected by a virus.
-
17% of computer users do not have
anti-virus software.
-
75% of computer users either don't
have or don't update their anti-virus software on a
regular basis.”
This publication provides 38 pages of graphs, charts and statistics.
You may download it here:
http://www.staysafeonline.info/press/Security_Report_8.02.pdf
===========================
“38% of the people surveyed used the anti-virus software properly; 3% of
those living with children employed parental control, and 33%
effectively implemented a firewall. In all, only 11% of the 120
participants safeguarded their computers against attacks.”
Forbes.com
http://www.forbes.com/2003/06/13/cx_mb_0613tentech.html
============================
-
“Despite red-alert headlines about
hackers, worms and viruses, and despite the threat of
identity theft and misappropriation of personal data,
many home computer users have yet to invest in the first
line of defense against external attacks: a firewall.”
-
"Currently, only about 55 percent
of antivirus customers have a firewall installed," James
Schmidt, product manager for the McAfee Personal
Firewall (MPF) product at McAfee Security, told the
E-Commerce Times.
-
"This figure is troubling,
considering that it takes into account only people who
already have purchased antivirus software. In other
words, these are the people who are concerned about
Internet security. Statistics among the larger
population of all Internet users likely are far more
dismal.”
ECT News Network: October 2003
http://www.crmbuyer.com/perl/story/31889.html
===============================
Securing Your PC: You're On Your Own
Microsoft doesn't make it easy for you to keep hackers out, but there
are measures you can take
-
“Every Windows XP desktop and
laptop ships with a hidden account called Administrator
that either has no password or a password common to all
computers from a manufacturer -- which means the bad
guys probably know what it is. Anyone with physical
access to the PC has a good chance of gaining complete
control of the computer.”
-
“Most people are inclined to ignore
these issues, especially on home PCs, figuring their
security needs are minimal. For computers that use only
dial-up accounts to reach the Internet or corporate
networks, the risk is indeed very small. Unprotected PCs
on broadband connections are another story.”
-
“Microsoft has no immediate plans
to make it easy for individual users to secure their
PCs.”
-
“You should lock down those
accounts that Microsoft sloppily left exposed. Open the
User Accounts control panel and select "change account"
to set a password for every account.”
BusinessWeek Online: May 26, 2003
http://www.businessweek.com/magazine/content/03_21/b3834047.htm
============================
-
“If you don’t take an active part
in securing your home network, then you’re at risk.
Don’t dismiss the likelihood of a stranger accessing
your computers. If you have a high-speed connection to
the Internet, then you’re probably scanned for common
vulnerabilities much more frequently than you would
expect.”
-
“A poorly configured Windows box
running file and print sharing without a password was
accessed in less than 24 hours. The risk is far more
prevalent than you would probably expect; on average,
5-10 scans come across daily looking for easily
exploitable services. The most common scan that we found
was on port 1080--attackers looking for an improperly
configured proxy that can be used to steal a victim’s
network identity.”
http://networking.earthweb.com/netsecur/article.php/624471
===========================
-
“The virus outbreaks of 2002 were
less dramatic than the Code Red and Nimda scares
of 2001. But this year's trends are very clear: The new
target is the home user.”
-
“On the home front users are
transmitting viruses at an epic pace.”
-
“According to security firm
MessageLabs, one out of every 212 email messages in 2002
contained a virus. That rate is up from 2001, when only
one in 380 email messages contained a virus.“
-
“MessageLabs confirms that Klez was
the No. 1 virus of 2002.”
-
“Peer-to-peer file sharing
services, especially KaZaA, were targeted more and more
throughout the year. The Benjamin, Backdoor.K0wbot,
Lolol, and Duload worms infected computers and then
renamed themselves as enticing downloads. Once
downloaded, they started the infection process all over
again.”
-
“Another trend late in 2002 was
e-greetings loaded with malicious code. Three specific
threats gave email users varying degrees of annoyance.
One popped porn up on users' desktops. Another raided
their Outlook address books for email addresses to add
to a spam database. Yet another installed spyware on
people's computers.”
techtv
http://www.techtv.com/news/securityalert/story/0,24195,3412680,00.html
===============================
Pop-ups Plague PC Users
-
Commercial malware is now more
prevalent on PCs than the viruses, Trojans and worms.
-
This produces: computer slowdowns,
program crashes, mysterious software modules loading
automatically, and scads of windows popping up
constantly.
-
“Commercial malware may be
mass-mailed and embedded in spam, and installs itself
when the recipient opens an attachment. A fair number of
music files offered by individuals on peer-to-peer
networks are delicately laced with malware. The worst
offenders use drive-by downloads, exploiting a flaw in
Windows security that can put software onto PCs when it
contacts specially programmed Web sites.”
Computer Cops
http://computercops.biz/article3509.html
==========================
Home User Security: Your First Defense, by Sarah Granger
http://www.securityfocus.com/infocus/1746
===============================
Home Network Security
“This document gives home users an overview of the security risks and
countermeasures associated with Internet connectivity, especially in the
context of “always-on” or broadband access services (such as cable
modems and DSL). However, much of the content is also relevant to
traditional dial-up users (users who connect to the Internet using
a modem).”
http://www.cert.org/tech_tips/home_networks.html
==============================
“According to a study commissioned by Microsoft, 63 percent of home
users do not have an antivirus solution or do not keep their antivirus
solution up-to-date. Without updated signatures, antivirus software is
ineffective against new viruses.”
Microsoft.com
http://download.microsoft.com/download/d/f/a/dfa2d24f-c55f-4c51-b885-7c0a93116531/virus_protection.doc
===============================
“Ninety-nine percent of attachments that people get that they didn't ask
for are some type of worm or virus."
Typical cost “Anti-virus software for a home computer typically costs
between $25 and $45 a year, including a year of updating.”
The Vindicator, 2003
http://www.vindy.com/print/279090960403464.shtml
=============================
-
“Experts agree that the large
number of personal computer users operating without
up-to-date antivirus software and/or a personal firewall
collectively represents one of the single greatest
information security risks to users of the Internet.”
-
“Computer Associates International,
Inc. (CA) in conjunction with Microsoft Corp. today
announced an offer to provide qualified Windows home
computer users with a no-charge, one-year subscription
to CA's eTrust EZ Armor antivirus and firewall desktop
security suite.”
-
“According to the eighth annual
ICSA Labs Virus Prevalence Survey, there are roughly 105
virus infections per 1,000 PCs per month. This has
increased steadily from 32 per 1,000 in 1998. A recent
survey conducted by AOL also revealed that 62 percent of
home broadband users did not have recently updated
antivirus software on their machines.”
CPU Review: Nov 2003
http://www.cpureview.com/news/20031118ca.htm
===================================
“More than two-thirds (69 percent) of home computer users and nearly
half (46 percent) of work computer users personally back up their data
only once a month or less often, or they never back up their data. As a
result, computer users are often completely unprepared for sudden
attacks by hackers, viruses, blackouts and electrical failure.”
Iomega 2001
http://www.iomega.com/about/prreleases/2001/viruses_hackers_poweroutages.html
=====================================
Poll: Hacks Worry 90 Percent Of Home Net Users
“PC Data Online said its poll found that 28 percent of home Internet
users believe the government should police the Web, while 21 percent
said the individual sites themselves should be responsible. Others said
private industry (17 percent), the online community (17 percent) or an
international organization (17 percent) should bear responsibility for
policing the Web.”
Newsbytes PM: 2000
http://www.findarticles.com/cf_0/m0HDN/2000_Feb_15/59703953/p1/article.jhtml
=================================
Hijacked PCs spread 30% of spam
Report: Marketers attack home computers, send e-mail
By Munir Kotadia
http://msnbc.msn.com/id/3660513/
===========================
-
“Furthermore, since more and more
home users are signing up for always-on, high-speed
Internet access such as ADSL (asymmetric digital
subscriber line), there will be a large increase in the
number of home users who find their computers have been
attacked, Cluley said.”
-
"Home users should, like everyone
else using Microsoft's Outlook and Outlook Express
e-mail programs, or even Microsoft server software,
should be signed up to receive their security updates.
Also, home users may want to consider getting a firewall
for their PCs at home," Cluley said.”
http://www.itworld.com/nl/unix_sec/12202001/
============================
“Studies have shown that more than 60 percent of home computer users
neglect to update their antivirus every day -- or, worse, don't even
have a solution installed.”
TechNewsWorld: November 21, 2003
http://www.technewsworld.com/perl/story/32224.html
================================
“A survey conducted by the group found that 84 percent of home computer
users are concerned about security, but more than three-fourths don't
take basic precautions, such as updating antivirus software.”
Security Wire Digest: October 25, 2002
http://www.e-commercealert.com/article543.html
SECURITY
========
Security Worries for 2004
According to Chris Belthoff, senior security analyst at
Sophos PLC, “Microsoft's operating systems and products will
continue to be targeted by hackers and virus writers in
2004”
“Security exploits relying on buffer overflows
in Microsoft product code will still be the most common
avenue of attack. Hackers are also exploring "internal"
vulnerabilities in Windows, like the Remote Procedure Call
security holes that produced Blaster, as well as Microsoft's
.Net Web services framework, Internet Information Server Web
server, and Windows 2003 Server."
You may read the
complete article at the following link:
PC World:
January 2004
http://www.pcworld.com/news/article/0,aid,114058,00.asp
==================================
As much as 60%
of corporate data resides unprotected on PC desktops and
laptops.
(IDC analyst Cynthia Doyle, Business
Continuity in 2002: It's Not Business as Usual, April 2002)
====================================
Viruses:
Survey finds PCs infected at a rate of more than 10% each
month.
(ICSA Labs, 2002)
-
“Corporations were hit with a
monthly average of 113 virus infections for every 1000
PCs they owned in 2001, according to the seventh annual
survey of virus prevalence in the enterprise conducted
by ICSA Labs, a division of security services firm
TruSecure.”
-
"The most common effect of a virus infection,
reported by 70 percent of respondents, was rendering a
PC unavailable to the user, the study found. Sixty-nine
percent of respondents said that viruses had cost
productivity, while 37 percent reported loss of data due
to viruses.”
Connected Corporation
http://www.de.connected.com/downloads/Items%20for%20Downloads/Facts%20and%20Figures%20on%20data%20protection_Q4_02.pdf
From a ZDNet Security News Article dated January
2004:
-
“Computer virus attacks cost global
businesses an estimated $55 billion in damages in 2003,
a sum that is expected to increase this year.”
-
“Companies lost roughly $20 billion to $30 billion in
2002 from the virus attacks, up from about $13 billion
in 2001.”
-
“Spam will emerge as the key
transmission vehicle for viruses in 2004.”
-
“Last year, there was almost one major virus attack every
month.”
-
“Analysts said the number of attacks
between January and June 2003 exceeded 70,000, which was
about twice the rate for 2002.”
ZDNet
http://zdnet.com.com/2100-1105_2-5142144.html
===========================
Bugbear and SoBig
viruses were the worst, with about 70,000 attacks
launched against corporations between January and June
2003.
http://www.pulse24.com/Business/Top_Story/20040116-001/page.asp
=============================
“Computer pests
can potentially stop an organization in its tracks. An
infection may cause a loss of computing power. Servers
and workstations either slow down or quit responding. In
addition, network bandwidth and Internet connections (a
primary means of communications with other
organizations), may slow so much that essential
performance is affected.”
http://www.hipaadvisory.com/action/secureqa/secure15.htm
===============================
ICSA Labs' 8th Annual Virus Prevalence Survey (March 2003)
http://www.icsalabs.com/2002avpsurvey/
Download the full survey: (56 pages)
- Page 23: Cost of the disaster in person/days
- Table 9 and figure 8 illustrate the cost in person days
- Page 25: Organization effects of viruses
- Figure 11: Effects of Viruses
http://www.trusecure.com/cgi-bin/download.cgi?ESCD=W0107&file=doc607.pdf
Key findings
http://infosecuritymag.techtarget.com/2003/apr/virussurvey.shtml
Antivirus software is only as good as its latest
update.
“83 percent of the survey group said
they use an antivirus application, only 73 percent
update their definition files regularly.”
PC World
http://www.pcworld.com/reviews/article/0,aid,112468,pg,3,00.asp
================================
From Deloitte Touche Tohmatsu, 20 May, 2003, (26 pages)
2003 Global Security Survey
Topics surveyed
include Security Governance, Investment, Value, Risk,
Responsiveness, Use of security technologies, Quality of
Operations, and Privacy.
-
"Financial services companies are spending approximately
6% of their IT budgets on information security.”
-
"47% hired extra security staff compared with 2001.”
-
"Only 19% of respondents said they had reduced the
number of IT security staff, despite the slowdown in the
economy.”
Download survey here:
http://www.deloitte.com/dtt/cda/doc/content/Global%20Security%20Survey%202003.pdf
==============================
From Internet Fraud Complaint Center (IFCC), 11 April, 2003
(23 pages)
-
“Instances of Internet fraud
increased drastically in 2002 as compared to 2001.”
-
“Losses reported by victims totaled $54 million,
versus $17 million the year before, and complaints
referred to law enforcement totaled 48,252, compared to
16,755 in 2001”
-
“Auction fraud and non-delivery
of merchandise were the top two reported crimes, with
Credit and debit card fraud following them at 12%”
Internet Fraud Complaint Center
http://www1.ifccfbi.gov/strategy/2002_IFCCReport.pdf
====================================
TruSecure® Corporation, the leading provider of
intelligent risk management products and services
provides the following white papers:
Virus Trends 2003 and prediction for 2004 (8 pages)
Date: December 29, 2003
This paper provides a wealth of
statistics in the form of graphs, charts and
tables.
Download here:
https://www.trusecure.com/cgi-bin/download.cgi?file=wp_2004Virus.pdf&ESCD=W0152
2003/2004 Trends and Predictions in Network
Security (12 pages)
Date: December 29, 2003
This paper provides plenty of statistics.
Download here:
https://www.trusecure.com/cgi-bin/download.cgi?ESCD=W0151&file=wp_2004Networks.pdf
=================================
From Information Security Magazine, 1 March 2003,
According to an Information Security survey of
518 senior security managers:
-
“Just over half
(53%) of those surveyed said their information security
budgets would increase in 2003
-
16% said their
budgets would increase by over 20%
-
30% said their
budgets would remain flat in 2003
-
17% said their
budgets would decrease”
Information Security Magazine
http://infosecuritymag.techtarget.com/2003/mar/cisosurvey.shtml
===============================
The CERT® Coordination Center is an excellent source for security
statistics.
“Established in 1988, the CERT® Coordination Center (CERT/CC) is a
center of Internet security expertise, located at the Software
Engineering Institute, a federally funded research
and development center operated by Carnegie Mellon
University.”
Statistics:
CERT/CC Statistics 1988-2003
- Number of incidents reported
- Vulnerabilities reported
- Security alerts published
- Security notes published
http://www.cert.org/stats/cert_stats.html
February 06, 2004 - Current Security Activity
http://www.cert.org/current/archive/2004/02/06/archive.html
Incidents
http://www.cert.org/incident_notes/
===============================
2003 CSI/FBI Computer Crime and Security Survey (21 pages)
“The Survey is conducted by CSI with the
participation of the San Francisco Federal Bureau of
Investigation's (FBI) Computer Intrusion Squad.”
Free PDF copies of the full report are available. To
obtain your free copy of the full report, please fill
out the form:
http://www.gocsi.com/forms/fbi/pdf.jhtml
Or use this direct link
http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2003.pdf
Interesting charts provided in this report:
Page 5 - Security Technologies Used
Page 7 - Incidents
Page 9 - Sources of attacks
Page 10 - Types of Attack
Page 12 - Dollar Amount of Losses by Type
=================================
From MSN, March 27, 2003:
-
"ID theft costs
banks $1 billion a year. Nearly 10,000 victims had home
loans - totaling about $300 million - taken out in their
name in 2002 and another 68,000 had new credit cards
issued in their name"
-
"While the FTC received
161,000 identity theft complaints last year, the FBI
estimates the actual number of victims is probably
closer to 500,000"
MSN
http://msnbc.msn.com/id/3078480/
================================
“What
was the median cost to remediate the Blaster worm?
$475,000 Remediation cost $475,000 per company (median
average – including hard, soft and productivity costs)
with larger node-count companies reporting losses up to
$4,228,000.”
Source: TruSecure / ICSA labs
http://www.securityvolition.com/Docs/VolitionGazette-September03.pdf
Understanding Patch and Update Management:
Microsoft’s Software Update Strategy
http://216.239.41.104/search?q=cache:ySMScn1qQGoJ:download.microsoft.com/download/e/2/9/e293b664-b4c6-4e7b-8823-0e9fa9d62dae/patch_management.doc+Statistics+patches+and+critical+updates+that+must+be+made+on+Windows-based+computers&hl=es&ie=UTF-8
==============================
Windows
Updates are necessary to help prevent problems with
viruses, worms, etc. However, they should be used in
combination with constantly updated virus definitions,
firewalls, parasite removal and frequent backups of your
important data. It takes a combination of all of these
to keep you, and your computer, happy and functional.
Tech Talk (10/03)
http://www.spcug.org/reviews/bl0310.htm
================================
“During
the August 2003 epidemic, wide publicity from Microsoft
about installing security patches to Windows 2000 and XP
operating systems helped to prevent more widespread
damage. Computers with the latest updates were not
vulnerable.”
http://www.hipaadvisory.com/action/secureqa/secure15.htm
===================================
-
“The
number of Windows XP updates since release of XP: 65;
(at least 1/2 of those 65 corrected "security" problems)
-
The Number of OS X (Jaguar updates) < 10
(3 were related to security).
-
Total time
spent installing windows XP Pro and updating it: 4 hours
and 18 minutes.
-
Total time spent installing
OS X. 45 minutes; time at computer: 6 minutes.”
http://www.billdugan.com/projects/macjust.html
=====================================
From an article by Brian Livingston:
-
“It's obvious
that IT professionals have been worn out by the
onslaught of Microsoft security bulletins. The company
released 72 security updates last year—almost one every
five days. Burnout is why some 200,000 SQL Server
systems were unpatched and wide open when the Slammer
worm struck in January, even though Microsoft had issued
a patch for the flaw six months earlier. Even
Microsoft's servers hadn't all been upgraded, allowing
Slammer to take down many of the company's hosts.”
-
“The crucial question is whether enterprise
executives will devote a certain number of person-days
per month to test and distribute whatever critical
patches may come out. You should if Windows is your
platform.”
eWeek article: November 3, 2003
http://www.eweek.com/print_article/0,3048,a=111026,00.asp
==============================
-
“With all
the viruses and worms wriggling around lately, there's
more interest than usual in running Windows Update.”
-
“Of course, enterprises don't have to rely on
this inefficient end-user service. Businesses can
instead use Microsoft's official Software Update Service
and several third-party patch-management services.”
-
"That leaves half a billion home PCs that are
running unpatched, insecure Windows installs. These
machines are being infected left and right.”
eWeek article: September 2003
http://www.eweek.com/article2/0,4149,1273260,00.asp