CSI Survey Shows Computer Crime and Security…
According to the eighth annual Computer Crime and Security Survey, from the Computer Security Institute (CSI), 251 organizations reported just over $200 million in financial losses, a 56 percent improvement over last year. But, based on responses from practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities, the survey confirms that the tide of threats of computer crimes and other information security breaches has not been stemmed.
CSI conducts the Computer Crime and Security Survey with the San Francisco Federal Bureau of Investigation’s Computer Intrusion Squad. The survey is intended to increase security awareness and to learn the scope of computer crime in the United States.
This year’s survey showed that overall losses were down significantly from last year, to nearly $202 million from nearly $456 million. Reported losses due to financial fraud fell drastically, from nearly $116 million last year to just over $9 million this year. And as in previous years, theft of proprietary information caused the most financial losses—more than $70 million was lost, and the average loss reported was $2.7 million. The second most expensive computer crime, according to survey respondents was denial of service, which cause more than $65 million in losses, up 250 percent from last year.
Even though financial losses decreased overall, the total number of significant incidents remained about the same as last year.
The survey also revealed that threats to large corporations and government agencies come from internal as well as external sources, a trend that has appeared in previous years. According to the survey, 45 percent of respondents detected unauthorized access by insiders. And 78 percent of respondents said their Internet connection was a frequent point of attack.
According to Chris Keating, director of CSI, the trends revealed by the survey are “disturbing,” with 92 percent of survey respondents reporting attacks. “Clearly, more must be done in terms of adherence to sound practices, deployment of sophisticated technologies, and most importantly, adequate staffing and training of information security practitioners in both the private sector and government,” Keating said.
The complete survey is available on the CSI Web site, at http://www.gocsi.com.
Emily Hollis is associate editor for Certification Magazine. She can be reached at firstname.lastname@example.org.