Although information technology has suffered
a decline in the recent recession, computer crime remains a growth
industry. That is the message from a survey by the Computer Security
Institute, which confirms that "the threat from computer
crime and other information security breaches continues unabated
and that the financial toll is mounting."
Highlights of CSI's "2002 Computer
Crime and Security Survey" include:
- Ninety percent of respondents (primarily
large corporations and government agencies) detected computer
security breaches within the last twelve months.
- Eighty percent acknowledged financial
losses due to computer breaches.
- Forty-four percent (223 respondents)
were willing and/or able to quantify their financial losses.
These 223 respondents reported $455,848,000 in financial losses.
- As in previous years, the most
serious financial losses occurred through theft of proprietary
information (26 respondents reported $170,827,000) and financial
fraud (25 respondents reported $115,753,000).
- For the fifth year in a row, more
respondents (74%) cited their Internet connection as a frequent
point of attack than cited their internal systems as a frequent
point of attack (33%).
- Thirty-four percent reported the
intrusions to law enforcement. (In 1996, only 16% acknowledged
reporting intrusions to law enforcement.)
Respondents detected a wide range
of attacks and abuses:
- Forty percent detected system penetration
from the outside.
- Forty percent detected denial of
service attacks.
- Seventy-eight percent detected
employee abuse of Internet access privileges (for example, downloading
pornography or pirated software, or inappropriate use of e-mail
systems).
- Eighty-five percent detected computer
viruses.
Respondents were asked about electronic
commerce over the Internet:
- Ninety-eight percent of respondents
have WWW sites.
- Fifty-two percent conduct electronic
commerce on their sites.
- Thirty-eight percent suffered unauthorized
access or misuse on their Web sites within the last twelve months.
Twenty-one percent said that they didn't know if there had been
unauthorized access or misuse.
- Twenty-five percent of those acknowledging
attacks reported from two to five incidents. Thirty-nine percent
reported ten or more incidents.
- Seventy percent of those attacked
reported vandalism (only 64% in 2000).
- Fifty-five percent reported denial
of service (only 60% in 2000).
- Twelve percent reported theft of
transaction information.
- Six percent reported financial
fraud (only 3% in 2000).
|