by Playfuls Staff |
20th January 2006
Computer-aided crimes are becoming increasingly dangerous as the whole world becomes more and more dependant on telecommunications and the Internet. And costly, too, according to a report released by the Federal Bureau of Investigation.[more]
Thus, the FBI has released its 2005 Computer Crime Survey, with nearly two thirds of respondents claiming security breaches had hit them where it hurt: the wallet. Losses averaged $24,000 for those targeted.
That figure may not be much if you're a Walmart or a General Motors, but of the 2,066 businesses surveyed, nearly three quarters (72 per cent) employed fewer than 100 staff and 45.8 per cent claimed sub $5m annual revenues.
That $24,000 a year suddenly means a lot more to them, especially when on the face of it, they have already deployed standard fayre security measures, such as antivirus (98.2 per cent) and firewalls (90.7 per cent). Yet this still means roughly one in ten is running without firewall protection.
According to the 2005 FBI Computer Crime Survey: "This would be 2.8 million US organisations experiencing at least one computer security incident. With each of these 2.8 million organisations incurring a $24,000 average loss, this would total $67.2bn per year."
By comparison, telecommunication fraud losses are about only $1bn per year, according to the US Secret Service. Also, the overall cost to US citizens of identity fraud reached $52.6bn in 2004, according to Javelin Strategy & Research.
Responding to worms, viruses and Trojan horses was most costly, followed by computer theft, financial fraud and network intrusion, according to the survey. Respondents spent nearly $12m to deal with virus-type incidents, $3.2m on theft, $2.8m on financial fraud and $2.7m on network intrusions.
Biometrics and smart cards - both relatively new security technologies - were used only by four per cent and seven per cent of survey respondents, respectively. Intrusion prevention or detection systems were used by 23 per cent and VPNs, or virtual private networks, by 46 per cent.
From the point of view of the origins of the attacks, respondents said the vast majority of threats appear to come from the US and China - 26.1 and 23.9 per cent respectively said they had experienced intrusion attempts from these countries. Around one in 20 said they had been aware of such attempts from Nigeria, South Korea, Germany, Russia and Romania. Perhaps the anomaly here is the appearance of the Pitcairn Islands, with 12 or so respondents having been attacked from there.
Of course determining the original IP address of attacks is no easy task - attacks might be proxied through any geographical location. But China's strong presence here masks a troubling problem for the FBI. 'Difficulty tracking IP addresses and prosecution in China combined with other economic, military and political concerns make this an unusually troubling statistic' the report reads. 'especially when considering the potential impact of industrial espionage and state sponsored cyber warfare efforts.'
Not all threats came from outside the organisation. More than 44 per cent of the survey respondents reported intrusions from within the company. Bruce Verduyn, the special agent who managed the survey project, said: "Companies may be unaware of the internal potential for computer security incidents." He recommends applying policies and procedures to thwart attacks from the inside.
The FBI surveyed companies in Iowa, Nebraska, New York and Texas. Companies more than three years old, with more than five employees and with more than $1m in revenue were asked to participate. Survey participants were asked to provide their responses by the end of July 2005, with their answers covering the previous 12-month period.
The overall picture painted by the report is that businesses are only reporting what they are able to detect and that they are falling victim to a great deal more criminal activity than they are aware of.
