Security breaches up, according to surveygreenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread |
Security breaches up, according to surveyWed, 22 Mar 2000 10:55:55 GMT Reuters
Study finds a number of attacks go unrecognised
In a year that saw some of the Internet's best known sites almost wiped off the Web by hacker attacks, few computer users would question that cyber-security is a pressing concern.
In an annual survey issued on Wednesday, the FBI and the San Francisco-based Computer Security Institute (CSI) showed just how pressing the concern is. The total verifiable losses in 1999 more than doubled to top $265m (#164.3m), while more than 90 percent of respondents reported detecting some form of security breach.
Security experts say a large number of attacks go unrecognised, and the total is hard to assess, with companies reluctant to admit they've been vandalised. But the annual survey gives a clear picture of a worsening problem. "The trends are continuing in the same direction. It's going from bad to worse in terms of threats from the outside, while the threat from the inside doesn't go away," said Richard Power, CSI's editorial director.
The fifth annual survey of computer crime and security polled some 640 corporations, banks and government organisations about the state of their computer systems, however only 42 percent of respondents could put a figure on what the attacks cost them. While the most common threats -- computer viruses, laptop theft and employee "Net abuse" -- continued apace, at least 74 percent of respondents reported more serious security breaches, including theft of proprietary information, financial fraud, system penetration by outsiders, data or network sabotage and Denial of Service attacks designed to take Web sites out of commission.
Information theft and financial fraud caused the most severe financial losses, put at $68m (#42m) and $56m (#34.7m) respectively. But Denial of Service attacks -- like the ones that temporarily paralysed Yahoo!, eBay. Buy.com and several other Web sites in February -- are also a growing problem, Powers said.
Losses traced to Denial of Service attacks were only $77,000 (#47,740) in 1998, and by 1999 had risen to just $116,250 (#72,075). The new survey, which reports on numbers taken before the high-profile February strikes, showed quantified losses up at more than $8.2m (#5m).
"The denial of service showed that many sites are way, way understaffed and not adequately secured," Powers said. "Maybe a half a dozen sites were attacked in that attack, and 150 sites were hacked into to launch the attack. There is a widespread insecurity among corporate sites and government sites, and the problem is not just technological, it is human. There are not enough people working on it," he added.
Bruce Gephardt, in charge of the FBI's northern California office, said the survey revealed how quickly computer security is becoming a major problem faced by law enforcement, and how more staff was needed to fight it. "If the FBI and other law enforcement agencies are to be successful in combating this continually increasing problem, we cannot always be placed in a reactive mode, responding to computer crises as they happen," Gephardt said in a news release.
http://www.zdnet.co.uk/news/2000/11/ns-14256.html
-- Jen Bunker (jen@bunkergroup.com), March 22, 2000