This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mimeat_private for more info. --------------50601B4A5C68 Content-Type: TEXT/PLAIN; CHARSET=us-ascii Content-Transfer-Encoding: QUOTED-PRINTABLE Content-ID: <Pine.SUN.3.96.980826032209.27940Iat_private> http://www.gocsi.com/prelea11.htm Annual cost of computer crime rise alarmingly Organizations report $136 million in losses SAN FRANCISCO -- The Computer Security Institute (CSI) announced today the results of its third annual "Computer Crime and Security Survey."=20 The "Computer Crime and Security Survey" is conducted by CSI with the participation of the Federal Bureau of Investigation (FBI) International Computer Crime Squad=92s San Francisco office. The aim of this effort is to help raise the level of security awareness as well as determine the scope of computer crime in the United States.=20 Based on responses from 520 security practitioners in U.S. corporations, government agencies, financial institutions and universities, the findings of the "1998 Computer Crime and Security Survey" indicate that computer crime and other information security breaches are still on the rise and that the cost to U.S. corporations and government agencies is increasing.= =20 Here are some of the most intriguing results.=20 * 64% of respondents report computer security breaches within the last twelve months. This figure represents dramatic increases of 16% increase over the "1997 CSI/FBI Computer Crime and Security Survey" results, in which 48% of respondents reported unauthorized use and 22% increase over the initial 1996 survey, in which 42% acknowledged unauthorized use. (Note: If you include those reporting only incidents of computer virus or laptop theft, the number rises to 88% of all respondents.) * Although 72% of respondents acknowledge suffering financial losses fro= m such security breaches, only 46% were able to quantify their losses. The total financial losses for the 241 organizations that could put a dollar figure on them adds up to $136,822,000. This figure represents = a 36% increase in reported losses over the 1997 figure of $100,115,555 i= n losses. * Security breaches detected by respondents include a diverse array of serious attacks. For example, 44% reported unauthorized access by employees, 25% reported denial of service attacks, 24% reported system penetration from the outside, 18% reported theft of proprietary information, 15% reported incidents of financial fraud, and 14% reported sabotage of data or networks. * The most serious financial losses occurred through unauthorized access by insiders (18 respondents reported a total of $50,565,000 in losses)= , theft of proprietary information (20 respondents reported a total of $33,545,000 in losses), telecommunications fraud (32 respondents reported a total of $17,256,000 in losses) and financial fraud (29 respondents reported a total of $11,239,000 in losses). * The number of organizations that cited their Internet connection as a frequent point of attack rose from 47% in 1997 to 54% in 1998. This represents a 17% increase over the initial 1996 figure of 37%. And significantly, the number of respondents citing their Internet connection as a frequent point of attack is now equal to the number of respondents citing internal systems as a frequent point of attack. (In the past, internal systems has been considered to be the greater of problems. It is not that the threat from inside the perimeter has diminished, it is simply that the threat from outside, via Internet connections, has increased.) This trend was reinforced by another piec= e of data. Of those who acknowledged unauthorized use, 74% reported from one to five incidents originating outside the organization, and 70% reported from one to five incidents originating inside the organization. Summary data for responses to all 1998 survey questions, and a table displaying financial losses due to various types of security breaches reported in both 1997 and 1998 accompany this press release.=20 Patrice Rapalus, CSI director, suggests that organizations pay more attention to information security staffing and training.=20 "While companies may think that they are spending the requisite amount on information security, the dramatic increase in quantified dollar losses indicates otherwise. In addition to hardware and software (for example, firewalls), organizations must ensure that training staffing levels are adequate and that end users are made aware of the seriousness of the situation."=20 Robert Walsh, Special Agent in Charge of the FBI=92s San Francisco office agreed that the dollar losses as reflected in this year=92s survey are a matter of grave concern.=20 "But what is of equal concern is the seeming reluctance of organizations, for the third year in a row, to report computer intrusions to law enforcement. It is understandable that negative publicity is cited as the principal reason for this; however, the FBI has successfully investigated, and resolve, many cases in which computer crimes are alleged with either minimal or no public exposure to the victim company."=20 ### CSI, established in 1974, is a San Francisco-based association of information security professionals. It has thousands of members worldwide and provides a wide variety of information and education programs to assist practitioners in protecting the information assets of corporations and governmental organizations.=20 The FBI, in response to an expanding number of instances in which criminals have targeted major components of information and economic infrastructure systems, has established International Computer Crime Squads in selected offices throughout the United States. The mission of these squads is to investigate violations of Computer Fraud and Abuse Act of 1986, including intrusions to public switched networks, major computer network intrusions, privacy violations, industrial espionage, pirated computer software and other crimes where the computer is a major factor in committing the criminal offense.=20 The seriousness of this mission was recently reinforced by U.S. Attorney General Janet Reno=92s announcement of the creation of the National Infrastructure Protection Center. Recopgnizing this country's unprecedented reliance on technology, the Center, which will be a joint partnership among federal agencies and private industry, is designed to serve as the government's lead mechanism for responding to an infrastructure attack.=20 --------------50601B4A5C68-- -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:02:20 PDT