Cyber Crime Update

For those concerned with wider cyber crime research, three recent documents should be of interest.

The documents address much wider issues than application security, but there are some useful nuggets in them of specific interest such as the average time to resolve or contain attacks.

Second Annual Cost of Cyber Crime Study

This updated report from the Ponemon Institute sponsored by ArcSight, describes the types of attacks, costs and governance, risk management and compliance practices for 50 mainly commercial organisations, involving 379 interviews. Key findings: annualised cost was found to be $1.5 million to $36.5 million, relating to on average one successful attack per week, and most likely to involve malicious code, denial of service, stolen devices and web-based attacks.

US Department of Defense Strategy for Operating in Cyberspace

The unclassified version of this document, released in mid-July, presents an overall strategy to defend against cyber threats and addresses aspects relating to the economy, security, law enforcement, military, governance, international development and internet freedom. Key quotation: "Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity".

Operation Shady Rat

This report describes McAfee's investigation of targeted intrusions into 70 organisation's assets over the last five years. Key findings: the intrusion durations lasted from less than a month to 28 months, and affected organisations in all sectors and in all geographical regions.

See also Home Office Cyber Crime Strategy and scale of cyber crime in the UK.