[ISN] Cost of US cyber attacks plummets

From: InfoSec News (isn@private)
Date: Tue Jul 19 2005 - 01:49:14 PDT


http://www.theregister.co.uk/2005/07/18/csi_fbi_security_survey/

By John Leyden
18th July 2005 

The cost of individual cyber attacks fell dramatically in the US last
year but unauthorised access and the theft of proprietary information
remain top security concerns.

The 10th annual Computer Crime and Security Survey, put together by
the Computer Security Institute (CSI) in conjunction with information
security experts at the FBI, shows financial losses resulting from
security breaches down for the fourth successive year. The cost of
breaches averaged $204,000 per respondent - down 61 per cent from last
year's average loss of $526,000.

Virus attacks continue as the source of the greatest financial pain,
making up 32 per cent of the overall losses reported. But unauthorized
access showed a dramatic increase and replaced denial of service as
the second most significant contributor to cybercrime losses.  
Unauthorised access was fingered for a quarter (24 per cent) of losses
reported in the CSI/FBI Computer Crime and Security Survey 2005.  
Meanwhile losses from theft of proprietary information doubled last
year, based on the survey of 700 computer security practitioners in
various US corporations, universities and government agencies.

The study found fears about negative publicity are preventing
organisation from reporting cybercrime incidents to the police, a
perennial problem the CSI/FBI study reckons is only getting worse.  
Assuming that this isn't true of what respondents also told CSI's
researchers (academics from the University of Maryland), the study
presents a picture of reducing cyber crime losses that contrasts
sharply with vendor-sponsored studies.

Chris Keating, CSI Director, said its study suggests that
organizations that raise their level of security awareness but warns
against complacency in the face of a changing cybercrime threat.

"Individual users are more exposed to computer crime than ever, due to
the growth in identity theft schemes. We can't help but note the shift
in the survey results toward more financial damage due to theft of
sensitive company data. This is an ominous, though not unexpected,
development and underscores the need to insist that enterprise
networks be properly safeguarded," he said.

The CSI/FBI Computer Crime and Security Survey aims to help determine
the scope of computer crime along with promoting security awareness.  
It can be downloaded from the CSI's website GoCSI.com (PDF -
registration required) [1]. ®

[1] http://www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml



_________________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 - 
2,000+ international security experts, 
10 tracks, no vendor pitches.
www.blackhat.com 



This archive was generated by hypermail 2.1.3 : Tue Jul 19 2005 - 01:58:30 PDT