3
The Facts Reviewed….
•
•Code Red infected 359,000 servers in less than 14 hours – at the peak, it infected more than 2,000 new hosts/minute – estimated cost? $2.6B (Computer Economics)
•
•Within 24 hours of NIMDA hitting, 50% of the infected hosts went offline (CNet)
•
•1 vulnerability exists in every 1500 lines of code (IBM’s Watson Research Lab) ; Windows XP has 45M lines of code; MS code lines double every 866 days….(Gartner; N.Myrhvold)
•
•$18 billion in sales is expected to be lost due to concerns about online security in 2002 (FTC)
•
•90% of large companies experienced some sort of security breach in 2001, including virus infections, Web site vandalism, credit card fraud and theft of company secrets  (CSI/FBI)
Let’s just look at the facts:
Code Red infected 359,000 servers in less than 14 hours – at the peak, it infected more than 2,000 new hosts/minute – estimated cost? $2.6B

Within 24 hours of NIMDA hitting, 50% of the infected hosts went offline – including some of the largest financial, retail and gov’t organizations in the world

According to the FTC, $18 billion in sales is expected to be lost due to concerns about online security in 2002

And most disturbing, according to a survey published in April 2002 by San Francisco’s Computer Security Institute and the FBI, 90% of the 503 security professionals surveyed––most of whom work for large corporations and government agencies––use firewalls and anti-virus solutions at their companies, and 60% use intrusion detection systems. Yet 90% still suffered in 2001 from security breaches including virus infections, Web site vandalism, credit card fraud and theft of company secrets. The most expensive breaches were cases of financial fraud, causing an average loss of $4.6 million. 85% were attacked by Internet worms like Code Red and Nimda, causing an average financial loss of $283,000 from a single worm attack. Finally, a staggering 97% of web applications audited by Sanctum Inc. were found vulnerable to application-level attacks.