9 out of 10 Companies report Computer Attacks
More than 90 percent of large corporations and government agencies were the victims of computer security breaches in 1999, according to a new survey
The Computer Security Institute's fifth Computer Crime and Security Survey also found that the total reported financial losses have tripled.
The annual survey is conducted with the participation of the San Francisco FBI Computer Intrusion Squad and aims to increase awareness of security. This year's survey was based on responses from 643 computer-security professionals in U.S. corporations, government agencies, financial institutions, medical institutions and universities.
Only 42 percent of those answering the survey could put a dollar figure on their financial losses - reporting the total at $265 million. The average annual total over the last three years was $120 million.
Widespread and diverse
Patrice Rapalus, director of the Computer Security Institute, said the survey points to a disturbing trend.
"Cybercrimes and other information-security breaches are widespread and diverse," she said. "Ninety percent of respondents reported attacks. Furthermore, such incidents can result in serious damages. ... Clearly, more must be done in terms of adherence to sound practices, deployment of sophisticated technologies, and most importantly, adequate staffing and
training of information-security practitioners in both the private sector and government."
The survey also found:
* 70 percent reported a variety of serious computer security breaches other than the most common ones of computer viruses, laptop theft or employee "net abuse." Other examples included theft of proprietary information, financial fraud, system penetration from outsiders, denial of service attacks and sabotage of data or networks.
* 74 percent acknowledged financial losses due to computer breaches.
* 71 percent of respondents detected unauthorized access by insiders. For the third year in a row, more respondents -- 59 percent -- cited their Internet connection as a frequent point of attack rather than their internal systems -- 38 percent -- as a frequent point of attack.
Financial losses larger
The report said the financial losses in eight of 12 categories were larger than in any previous year. In addition, financial losses in four categories were higher than the combined total of the three previous years. For example, 61 respondents quantified losses due to sabotage of data or
networks for a total of $27 million. The total financial losses due to sabotage for the previous years combined totaled only $10 million.
As in previous years, the most serious financial losses occurred through theft of proprietary information, with 66 respondents reporting losses of $66 million and financial fraud and 53 reporting $55 million in losses.
The survey results show that computer crime threats to large corporations and government agencies come from both inside and outside their electronic perimeters, confirming trends found in prior surveys.
Bruce J. Gephardt heads the FBI's Northern California office in San Francisco, which covers 15 counties, including Silicon Valley. He said the survey helps him decide how to deploy his forces instead of reacting to computer crises as they occur.
Trends and crises
"The results of the CSI/FBI survey provide us with valuable data," Gephardt said. "This information not only has been shared with Congress to underscore the need for additional investigative resources on a national level, but [it] identifies emerging crime trends and helps me decide how best to proactively and aggressively assign resources before those 'trends' become
CSI, which was established in 1974, is a San Francisco-based association of information-security professionals.
The FBI, responding to an increase in the criminal targeting of major components of information and economic infrastructure systems, has established the National Infrastructure Protection Center (NIPC), which is located at FBI headquarters, and the Regional Computer Intrusion Squads, which are located in selected offices throughout the United States.
The NIPC, a joint partnership among federal agencies and private industry, is designed to serve as the government's lead mechanism for preventing and responding to cyberattacks on the nation's infrastructure. The Regional Computer Intrusion Squads investigate violations of the Computer Fraud and Abuse Act, which includes intrusions to public switched networks, major
computer network intrusions, privacy violations, industrial espionage, pirated computer software and other crimes.
Back to top
Please feel free to email us - firstname.lastname@example.org
Images and content are copyright to Cipher-IT Ltd
Site designed by Cipher-IT Ltd