Thursday, 28 February 2008

Current Statistics on InSecurity

The following is a compilation of statistics on a year-by-year basis. All of the organisations are in Australia and have been followed over a number of years.

The tables are split by year and then by industry, giving the number of organisations that have a firewall in place. Having a firewall does not mean an organisation is secure: the count is generous and includes both commercial firewalls and clients with nothing more than a simple set of ACLs (and no egress filtering) on a router.

Over the next week I will publish the statistics I have noted in audits and compliance work for this period. Following posts will include NIDS (those organisations using a network-based IDS of some type, even if poorly), HIDS (those with something as simple as AIDE or Tripwire), and finally there will be a set of statistics by system.

The systems I have been recording are:

  • Financial systems databases,
  • User management systems (including Active Directory domain controllers),
  • Key critical system (the system with the highest loss or damage value for the organisation).
The results are listed from 2004 to 2007 as the number of organisations that are compliant with the noted test against the number of organisations in the class. Where every organisation in a class is compliant, only the class size is given, followed by "(100%)". So a result of "89 / 102" means that 89 organisations of a total sample space of 102 clients are compliant. In the case of the firewall section, 89 organisations of the 102 would have a minimal firewall in place (or 87%).

2004
Finance 102 / 103
Government 15 / 17
Retail 41 / 64
Health 8 / 14
Telecoms 8 (100%)
Property 6 (100%)
Media 7 (100%)
Gaming 3 (100%)

2005
Finance 98 (100%)
Government 16 / 17
Retail 53 / 64
Health 8 / 14
Telecoms 8 (100%)
Property 6 (100%)
Media 7 (100%)
Gaming 3 (100%)

2006
Finance 86 (100%)
Government 17 / 18
Retail 54 / 64
Health 12 / 14
Telecoms 8 (100%)
Property 6 (100%)
Media 7 (100%)
Gaming 3 (100%)

2007
Finance 64 (100%)
Government 17 / 18
Retail 60 / 64
Health 13 / 15
Telecoms 9 (100%)
Property 6 (100%)
Media 7 (100%)
Gaming 3 (100%)
  • Finance includes mid-tier banks and credit unions, insurance companies and other organisations such as stockbroking firms.
  • Government includes both state and Commonwealth departments, councils and commissions.
  • Retail includes just about anything that ends up being sold to consumers.
  • Health includes medical facilities and hospitals.
  • Telecoms includes traditional and Internet-based organisations.
  • Media is broadcasting, news and printing.
  • Gaming is betting and casinos.
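The two notations used in the tables ("compliant / total" and "total (100%)") are easy to misread when mixed, and a "100%" over 64 firms is not the same evidence as 102 of 103. The script below is an added example, not part of the original post: it parses the four year tables exactly as written above (the embedded data is copied from them), normalises the "(100%)" entries to compliant == total, rounds percentages the way the post does (89/102 gives 87), and prints coverage with the sample size per industry and year. The 90% threshold in `laggards` is an arbitrary illustrative choice, not a figure from the post.

```python
import re
from collections import defaultdict

# Firewall-coverage figures copied from the four year tables in this post.
# Two notations appear: "compliant / total" and "total (100%)".
RAW = """
2004
Finance 102 / 103
Government 15 / 17
Retail 41 / 64
Health 8 / 14
Telecoms 8 (100%)
Property 6 (100%)
Media 7 (100%)
Gaming 3 (100%)
2005
Finance 98 (100%)
Government 16 / 17
Retail 53 / 64
Health 8 / 14
Telecoms 8 (100%)
Property 6 (100%)
Media 7 (100%)
Gaming 3 (100%)
2006
Finance 86 (100%)
Government 17 / 18
Retail 54 / 64
Health 12 / 14
Telecoms 8 (100%)
Property 6 (100%)
Media 7 (100%)
Gaming 3 (100%)
2007
Finance 64 (100%)
Government 17 / 18
Retail 60 / 64
Health 13 / 15
Telecoms 9 (100%)
Property 6 (100%)
Media 7 (100%)
Gaming 3 (100%)
"""

# Matches "Finance 102 / 103" or "Telecoms 8 (100%)"
ENTRY_RE = re.compile(
    r"^(?P<industry>[A-Za-z]+)\s+"
    r"(?:(?P<compliant>\d+)\s*/\s*(?P<total>\d+)|(?P<all>\d+)\s*\(100%\))$"
)


def parse_entry(line):
    """Return (industry, compliant, total); a '(100%)' entry means compliant == total."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised table line: {line!r}")
    if m.group("all") is not None:
        n = int(m.group("all"))
        return m.group("industry"), n, n
    compliant, total = int(m.group("compliant")), int(m.group("total"))
    if compliant > total:
        raise ValueError(f"compliant exceeds total in {line!r}")
    return m.group("industry"), compliant, total


def parse_tables(text):
    """Return {year: {industry: (compliant, total)}} from the year-headed blocks."""
    tables, year = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.fullmatch(r"\d{4}", line):
            year = int(line)
            tables[year] = {}
        elif year is None:
            raise ValueError("table line before any year heading")
        else:
            industry, compliant, total = parse_entry(line)
            tables[year][industry] = (compliant, total)
    return tables


def coverage_pct(compliant, total):
    """Whole-number percentage, rounded as the post rounds it (89/102 -> 87)."""
    return round(100 * compliant / total)


def coverage_by_industry(tables):
    """{industry: [(year, pct, sample_size), ...]} in year order, so shrinking samples stay visible."""
    out = defaultdict(list)
    for year in sorted(tables):
        for industry, (c, t) in tables[year].items():
            out[industry].append((year, coverage_pct(c, t), t))
    return dict(out)


def laggards(tables, year, threshold=90):
    """Industries whose coverage in `year` is below `threshold` percent (threshold is illustrative)."""
    return sorted(i for i, (c, t) in tables[year].items() if coverage_pct(c, t) < threshold)


if __name__ == "__main__":
    for industry, rows in coverage_by_industry(parse_tables(RAW)).items():
        print(industry.ljust(10), "  ".join(f"{y}: {p:3d}% (n={n})" for y, p, n in rows))
```

Run it as-is to get one line per industry with the year-by-year percentage and sample size; the sample size matters because the Finance class drops from 103 organisations in 2004 to 64 in 2007 while reporting 100%.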

The following table is the previous firewall data in a simpler format.
