[ISN] CSI - Cost of Computer Crime on Rise (w/ stats)

From: mea culpa (jerichoat_private)
Date: Wed Aug 26 1998 - 02:23:05 PDT

                    Annual cost of computer crime rises alarmingly
                    Organizations report $136 million in losses

    SAN FRANCISCO -- The Computer Security Institute (CSI) announced today the
    results of its third annual "Computer Crime and Security Survey."

    The "Computer Crime and Security Survey" is conducted by CSI with the
    participation of the Federal Bureau of Investigation (FBI) International
    Computer Crime Squad's San Francisco office. The aim of this effort is to
    help raise the level of security awareness as well as determine the scope
    of computer crime in the United States.

    Based on responses from 520 security practitioners in U.S. corporations,
    government agencies, financial institutions and universities, the findings
    of the "1998 Computer Crime and Security Survey" indicate that computer
    crime and other information security breaches are still on the rise and
    that the cost to U.S. corporations and government agencies is increasing.
    Here are some of the most intriguing results.
       * 64% of respondents report computer security breaches within the last
         twelve months. This figure represents a dramatic increase: 16% over
         the "1997 CSI/FBI Computer Crime and Security Survey" results, in
         which 48% of respondents reported unauthorized use, and 22% over the
         initial 1996 survey, in which 42% acknowledged unauthorized use.
         (Note: If you include those reporting only incidents of computer
         virus or laptop theft, the number rises to 88% of all
       * Although 72% of respondents acknowledge suffering financial losses from
         such security breaches, only 46% were able to quantify their losses.
         The total financial losses for the 241 organizations that could put a
         dollar figure on them add up to $136,822,000. This figure represents a
         36% increase in reported losses over the 1997 figure of $100,115,555 i
       * Security breaches detected by respondents include a diverse array of
         serious attacks. For example, 44% reported unauthorized access by
         employees, 25% reported denial of service attacks, 24% reported system
         penetration from the outside, 18% reported theft of proprietary
         information, 15% reported incidents of financial fraud, and 14%
         reported sabotage of data or networks.
       * The most serious financial losses occurred through unauthorized access
         by insiders (18 respondents reported a total of $50,565,000 in losses),
         theft of proprietary information (20 respondents reported a total of
         $33,545,000 in losses), telecommunications fraud (32 respondents
         reported a total of $17,256,000 in losses) and financial fraud (29
         respondents reported a total of $11,239,000 in losses).
       * The number of organizations that cited their Internet connection as a
         frequent point of attack rose from 47% in 1997 to 54% in 1998. This
         represents a 17% increase over the initial 1996 figure of 37%. And
         significantly, the number of respondents citing their Internet
         connection as a frequent point of attack is now equal to the number of
         respondents citing internal systems as a frequent point of attack. (In
         the past, internal systems have been considered to be the greater of
         problems. It is not that the threat from inside the perimeter has
         diminished; it is simply that the threat from outside, via Internet
         connections, has increased.) This trend was reinforced by another piece
         of data. Of those who acknowledged unauthorized use, 74% reported from
         one to five incidents originating outside the organization, and 70%
         reported from one to five incidents originating inside the
    Summary data for responses to all 1998 survey questions, and a table
    displaying financial losses due to various types of security breaches
    reported in both 1997 and 1998 accompany this press release.

    Patrice Rapalus, CSI director, suggests that organizations pay more
    attention to information security staffing and training.

    "While companies may think that they are spending the requisite amount on
    information security, the dramatic increase in quantified dollar losses
    indicates otherwise. In addition to hardware and software (for example,
    firewalls), organizations must ensure that training staffing levels are
    adequate and that end users are made aware of the seriousness of the

    Robert Walsh, Special Agent in Charge of the FBI's San Francisco office,
    agreed that the dollar losses as reflected in this year's survey are a
    matter of grave concern.

    "But what is of equal concern is the seeming reluctance of organizations,
    for the third year in a row, to report computer intrusions to law
    enforcement. It is understandable that negative publicity is cited as the
    principal reason for this; however, the FBI has successfully investigated,
    and resolved, many cases in which computer crimes are alleged with either
    minimal or no public exposure to the victim company."

    CSI, established in 1974, is a San Francisco-based association of
    information security professionals. It has thousands of members worldwide
    and provides a wide variety of information and education programs to
    assist practitioners in protecting the information assets of corporations
    and governmental organizations.

    The FBI, in response to an expanding number of instances in which
    criminals have targeted major components of information and economic
    infrastructure systems, has established International Computer Crime
    Squads in selected offices throughout the United States. The mission of
    these squads is to investigate violations of the Computer Fraud and Abuse
    Act of 1986, including intrusions to public switched networks, major
    computer network intrusions, privacy violations, industrial espionage,
    pirated computer software and other crimes where the computer is a major
    factor in committing the criminal offense.

    The seriousness of this mission was recently reinforced by U.S. Attorney
    General Janet Reno's announcement of the creation of the National
    Infrastructure Protection Center. Recognizing this country's
    unprecedented reliance on technology, the Center, which will be a joint
    partnership among federal agencies and private industry, is designed to
    serve as the government's lead mechanism for responding to an
    infrastructure attack.