FBI publishes computer crime and security stats

Hack attacks down, viruses up


Every year for the past nine years, the Computer Security Institute and the FBI undertake a computer crime and security survey among companies and institutions in the US. These surveys provide interesting insights into the level of computer crime being experienced by companies, as well as how they are responding to security breaches.

Computer security has evolved from being purely the domain of IT resources to the point now where even the board of a company take an interest. This growing concern about security has come about as the internet has emerged to be a ubiquitous business tool. When the CSI and FBI started performing this survey in the mid-1990s, computer security concerns largely centred on technical issues such as encryption, access controls and intrusion detection systems.

By 2004, the ninth annual survey indicates that companies are becoming more concerned with the economic, financial and risk management aspects of computer security in addition to the purely technical aspects. This indicates the greater importance that is being placed on security by senior management in organisations.

Overall, the 2004 survey indicates that the frequency of successful attacks against corporate information systems is decreasing - and has been in steady decline since 2001. In fact, only 53 per cent of respondents indicated that they had experienced unauthorised use of their computational systems in the past year, which is the lowest level since 1999. Over the past year, there has been a dramatic drop in reports of system penetration, insider abuse and theft of intellectual property.

Across respondents, there was also a fairly even split between reports of breaches coming from inside and outside of the organisation. This is a substantial change from last year's survey, when 80 per cent of respondents reported insider abuse of networks to be the most common form of attack or abuse and indicates that security implementations are having some level of success in stopping these attacks.

Even though 99 per cent of organisations surveyed are using anti-virus technology, virus attacks were cited as the most common form of security incident, affecting 78 per cent of respondents. Further, virus attacks are contributing the most in terms of financial loss stemming from security incidents owing to the emerging threat of virus attacks being combined with denial of service attacks - costing companies more than double in monetary terms than any other type of security breach reported.

The next most costly forms of attack are theft of proprietary information, insider abuse of networks and the newly emerging threats of abuse of wireless networks. After virus attacks, insider abuse of networks was cited as the second most common form of security incident, reported by 59 per cent of organisations, followed by laptop or mobile phone theft, which affected 49 per cent of the survey sample.

For the first time, the survey asked respondents whether or not they conduct security audits of their information networks to look for vulnerabilities in a proactive manner. Whilst 82 per cent of respondents indicated that they do conduct such audits, that still leaves a sizeable 18 per cent of organisations that do not conduct this exercise - one of the most fundamental aspects of boosting the security of organisations.

One further new area was examined in the 2004 computer crime and security survey - that of the impact of regulation, specifically Sarbanes-Oxley, on the information security activities of companies. Corporate governance has been on the lips of corporate executives for the past year, and high-profile court cases have begun to hand out strict jail terms for transgressors. But, surprisingly, only among executives from the financial services, utilities and telecommunication industries did the majority state that Sarbanes-Oxley had affected their information security activities.

In contrast, most of the respondents from other industry sectors did not agree that Sarbanes-Oxley had raised the level of interest in information security in their organisations or had shifted the focus from technology to corporate governance. It is my bet that this is a situation that will change dramatically over the coming year.

© IT-Analysis.com

Related stories

Al-Qaeda cyber terrorist panics US
Your data online: safe as houses
Sasser kid blamed for viral plague


Other stories you might like

  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading

Biting the hand that feeds IT © 1998–2021