I don't know the percentages of what server was used, but here are some very interesting stats compliled by CSI and the FBI...
The "Computer Crime and Security Survey" is conducted by CSI with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad. The aim of this effort is to raise the level of security awareness, as well as help determine the scope of computer crime in the United States.
Based on responses from 503 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities, the findings of the "2002 Computer Crime and Security Survey" confirm that the threat from computer crime and other information security breaches continues unabated and that the financial toll is mounting.
Highlights of the "2002 Computer Crime and Security Survey" include:
* Ninety percent of respondents (primarily large corporations and government agencies) detected computer security breaches within the last twelve months.
* Eighty percent acknowledged financial losses due to computer breaches.
* Forty-four percent (223 respondents) were willing and/or able to quantify their financial losses. These 223 respondents reported $455,848,000 in financial losses.
* As in previous years, the most serious financial losses occurred through theft of proprietary information (26 respondents reported $170,827,000) and financial fraud (25 respondents reported $115,753,000).
* For the fifth year in a row, more respondents (74%) cited their Internet connection as a frequent point of attack than cited their internal systems as a frequent point of attack (33%).
* Thirty-four percent reported the intrusions to law enforcement. (In 1996, only 16% acknowledged reporting intrusions to law enforcement.)
Respondents detected a wide range of attacks and abuses.
Here are some examples of attacks and abuses:
* Forty percent detected system penetration from the outside.
* Forty percent detected denial of service attacks.
* Seventy-eight percent detected employee abuse of Internet access privileges (for example, downloading pornography or pirated software, or inappropriate use of e-mail systems).
* Eighty-five percent detected computer viruses.
* For the fourth year, we asked some questions about electronic commerce over the Internet. Here are some of the results:
* Ninety-eight percent of respondents have WWW sites.
* Fifty-two percent conduct electronic commerce on their sites.
* Thirty-eight percent suffered unauthorized access or misuse on their Web sites within the last twelve months. Twenty-one percent said that they didn't know if there had been unauthorized access or misuse.
* Twenty-five percent of those acknowledging attacks reported from two to five incidents. Thirty-nine percent reported ten or more incidents.
* Seventy percent of those attacked reported vandalism (only 64% in 2000).
* Fifty-five percent reported denial of service (only 60% in 2000).
* Twelve percent reported theft of transaction information.
* Six percent reported financial fraud (only 3% in 2000).
Tank863
