I want to discuss some points that you made:
com (Bob McKisson) said:
> The number of break-ins are now nearly too high to keep track of, let
> alone attempts. Current "educated" guessing is anywhere from 250 to
> 1000 successfull intrusions a day resulting in some information
This estimate of successful breakins seems outrageously high.
I am willing to be corrected, but I have never seen numbers like
> [ Bob suggests sources such as the 12/12/94 Information Week,
the WSJ, CERT, NIST, Bob McCree, Washington Technology,
InfoSecurity News ]
Bob: I have seen some of these sources but the numbers still astound
me. Can you offer more specifics? I just looked at the Information
Week article and saw that CERT becomes involved with 150 - 250 incidents
a month. CERT also claims that 'hacker' incidents are up 76% from
last year. This is a small fraction of your estimate.
> Average damage repair prices run anywhere from $200K - to $400K for
> manhours and machine time depending on the level of trauma, and
> required reconstructive work.
This is outrageous! What goes on in these 'average' breakins that
cost $200K - $400K? That indicates approximately 2 - 8 person-years of
work per incident.
I am very willing to learn from this discussion. However I feel
that you are making some alarmist claims that do not reflect reality.
The estimated number of successful intrusions seems high, and the average
cost per intrusion is also high. Multiplied together they might
indicate that corporations that have been 'hacked' are paying
on the order of 18 billion per year.
(250 incidents / day * 365 days * $200,000) Yow.
I may have misread your statements - please correct me if I have.