[ISN] Businesses May Not Report Cyber Attacks

From: InfoSec News (isn@private)
Date: Tue Aug 09 2005 - 23:36:53 PDT

Previous message: InfoSec News: "Re: [ISN] Huge ID theft ring affects at least 50 banks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

http://www.washingtonpost.com/wp-dyn/content/article/2005/08/09/AR2005080900907.html

By MARK SHERMAN
The Associated Press
August 9, 2005

WASHINGTON -- Most businesses do not report cyber attacks to law 
enforcement authorities, fearing the disclosure would harm their image 
and benefit rivals, FBI Director Robert Mueller said Tuesday.

This reluctance has become especially important at a time when 
identity theft is growing rapidly and terrorists are increasingly 
using the Internet, Mueller said in a speech to the InfraGard national 
conference, private companies that share security tips and expertise 
with the FBI.

"Today a command sent over a network to a power station's control 
computer could be just as deadly as a backpack full of explosives," 
Mueller said.

Business leaders last month announced an education campaign to better 
protect sensitive client information from hackers and other thieves, 
after a string of high-profile data thefts and losses.

In June, CardSystems Solutions Inc. disclosed that a breach of its 
system that processes transactions between merchants and credit card 
issuers exposed 40 million accounts to possible fraud.

Mueller's comments were based on an annual survey conducted by the FBI 
and the private Computer Security Institute that found just 20 percent 
of businesses reported computer intrusions last year, a figure that 
has held steady for several years.

The reasons cited most often for keeping the incidents quiet were loss 
of business to competitors and potential damage to a company's image 
among consumers.

Mueller said he understood those concerns and promised the FBI would 
be more sensitive in responding to computer hackings. "We also 
recognize that putting on raid jackets and rushing in may not be the 
best answer in situations such as those," he said.

Businesses must overcome those fears, he said, and be more forthcoming 
in reporting computer hacking to authorities. "Maintaining a code of 
silence will not benefit you or your company in the long run," he 
said. "We cannot investigate if we are not aware of the problem."

-=-

On the Net:

Computer Security Institute: http://www.gocsi.com/
InfraGard: http://www.infragard.net/index.htm



_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org

Previous message: InfoSec News: "Re: [ISN] Huge ID theft ring affects at least 50 banks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Tue Aug 09 2005 - 23:51:22 PDT