Costs Of Online Breaches Soaring Says CSI/FBI Report

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Costs Of Online Breaches Soaring Says CSI/FBI Report By Steve Gold, Newsbytes

SAN FRANCISCO, CALIFORNIA,

22 Mar 2000, 7:22 AM CST

A report just published shows that the costs of unauthorized access and hacker attacks on Web sites are soaring. The report, based on the fifth joint annual study between the Computer Security Institute (CSI) and the Federal Bureau of Investigation (FBI), says that total verifiable losses in 1999 soared to $265.6 million, more than double those of 1998.

In addition, the report says that more than 90 percent of respondents to the survey said they have detected some form of security attack on their computer systems during the year.

The study took in responses from 273 organizations across the US and found that 70 percent of the respondents reported a variety of serious computer security breaches other than the most common ones of computer viruses, laptop theft or employee Internet abuse.

The CSI cites the examples of theft of proprietary information, financial fraud, system penetration from outsiders, denial of service attacks and sabotage of data or networks as falling into this category.

The reports says that 74 percent of respondents acknowledged financial losses due to computer breaches. 42 percent, meanwhile, said they were willing and/or able to quantify their financial losses.

The report concludes that the $265.6 million total verifiable losses suffered by respondents was more than double the total of $120 million reported for the three years 1996 to 1998 inclusive.

As in previous years, the CSI says that the most serious financial losses occurred through theft of proprietary information (66 respondents reported $66,7 million) and financial fraud (53 respondents reported $56 million).

The CSI says that the survey results illustrate that computer crime threats to large corporations and government agencies come from both inside and outside their electronic perimeters, confirming the trend in previous years.

71 percent of respondents detected unauthorized access by insiders. But, or the third year in a row, more respondents (59 percent) cited their Internet connection as a frequent point of attack than cited their internal systems as a point of attack (38 percent).

Patrice Rapalus, the CSI's director, said that the report, entitled "Computer Crime and Security Survey," has delivered on its promise to raise the level of security awareness and help determine the scope of crime in the US.

"The trends the CSI/FBI survey has highlighted over the years are disturbing," she said, adding that cyber crimes and other information security breaches are widespread and diverse.

Rapalus said that 90 percent of respondents reported attacks.

"The 273 organizations that were able to quantify their losses reported a total of $265,589,940. Clearly, more must be done in terms of adherence to sound practices, deployment of sophisticated technologies, and most importantly adequate staffing and training of information security practitioners in both the private sector and government," she said.

The CSI's Web site is at http://www.gocsi.com .

Reported by Newsbytes.com, http://www.newsbytes.com .

07:22 CST Reposted 08:33 CST

http://www.newsbytes.com/pubNews/00/146090.html

-- Jen Bunker (jen@bunkergroup.com), March 22, 2000


Moderation questions? read the FAQ