A few data points for assessing threats

tate@ClearNetSec.com (Tate Hansen) — Sun, 24 Sep 2006 00:04:00 -0600

In a recent post we talked about if it is possible to prioritize the deployment of solutions which are widely accepted to reduce risk to a business (without completing a threat assessment). A list you can say to someone "Well, without knowing your details I can say the most frequent threats or highest risks for most companies is from THESE THINGS, but we really should do a threat assessment first".

I googled around and created a short list (I'm sure there are 1000s out there) of data points to help determine the "THESE THINGS" part:

My favorite resource:

From PrivacyRights.org, chronology of data breaches: http://www.privacyrights.org/ar/ChronDataBreaches.htm (probably the best resource because it doesn't restrict by type of threat)

Like above:

From Mailerblog.com, data loss viewer (viewer to attrition's database of data breaches): http://www.mailerblog.com/dataloss/dataloss.php

From PogoWasRight.org, collects information on data breaches: http://www.pogowasright.org/

The recent Visa USA press release: http://biz.yahoo.com/prnews/060915/dcf014.html?.v=3D64

A few network based threat stats:

From DShield.org, top ports for scanning: http://www.dshield.org/topports.php

From Incidents.org, survival time history: http://isc.incidents.org/survivalhistory.php?isc=4fcfc1652464f1b60c02afecb75d332a

From Zone-h.org, attacks archive (defacements): http://www.zone-h.org/component/option,com_attacks/Itemid,44/

Virus specific:

From SecurityStats.com, virus related statistics: http://www.securitystats.com/virusstats.html

From F-Secure, virus statistics: http://www.f-secure.com/virus-info/statistics/

From McAfree, virus activity: http://vil.mcafee.com/mast/viruses_by_continent.asp?continent_k=0&track_by=1&period_id=1

From Symantec, threat explorer: http://www.symantec.com/enterprise/security_response/threatexplorer/threats.jsp

From Postini, StatTrack (including DHA/SPAM stats): http://www.postini.com/stats/

Insider snippets:

From Bruce Schneier, news summary: http://www.schneier.com/blog/archives/2005/12/insider_threat.html

Illicity Cyber Activity in the Banking and Finance Sectors, news summary: http://www.gcn.com/online/vol1_no1/27074-1.html

Reconnex threat stats: http://www.reconnex.net/Threat/

I can probably find a lot more statistics from combing CERT pages, but I stopped: http://www.cert-in.org.in/worldcert.htm

ClearNet Security: Tag breaches

A few data points for assessing threats