Cybercrime is booming right along with e-commerce, according to a report released Wednesday by the Computer Security Institute.
The study, which was conducted in partnership with the Federal Bureau of Investigation (FBI) Computer Intrusion Squad, showed that over 90 percent of respondents had detected cyber attacks. Stunningly, a total of $266 million (US$) was lost by the 273 companies that could or would put a dollar amount to damages.
CSI Director Patrice Rapalus said, “The trends the CSI/FBI survey has highlighted over the years are disturbing. Cybercrimes and other information security breaches are widespread and diverse.”
Insiders and Outsiders
The study reports that 90 percent of the organizations surveyed, including large corporations, medical institutes, and government agencies, detected security breaches during the last twelve months. Additionally, 70 percent of the respondents, as opposed to 62 percent last year, reported incurring such serious computer security breaches as theft of proprietary information, financial fraud, denial-of-service attacks, and sabotage of data or networks.
Both employees and outside hackers represent a threat to cyber-security, according to the report, but most attacks are coming from the inside. Seventy-one percent of companies surveyed reported attacks from the inside, but only 25 percent acknowledged system penetration from outsiders.
For the third year in a row, more respondents — 59 percent — cited their Internet connection as a frequent point of attack, while only 38 percent cited their internal systems as a frequent point of attack.
Virus attacks are at the forefront of computer crimes reported by corporations, but employee abuse of Internet access runs a close second. Eighty-five percent of companies surveyed reported computer viruses, while 79 percent reported employee abuse of access.
Focus on E-Commerce
When the survey spotlight turned specifically to e-commerce, the results were equally disturbing. Ninety-three percent of survey participants had Web sites and 43 percent — up from 30 percent the year before — conducted e-commerce through their site. Nineteen percent of organizations with Web sites reported suffering unauthorized access or misuse in the past 12 months, while 32 percent admitted they did not know if there had been security breaches.
Vandalism was at the top of the hackers’ hit parade with 64 percent of the respondents reporting an attack of Web site vandalism and 60 percent reporting at least one denial-of-service attack. Thirty-five percent of organizations attacked reported from two to five incidents and 19 percent reported ten or more incidents.
The good news, if it can be called that, is that only eight percent of the respondents reported theft of transaction information and only three percent reported financial fraud.
Financial Losses Staggering
The financial costs of cybercrime are staggering. A full 74 percent of companies surveyed admitted they had suffered financial losses due to computer breaches. However, only 42 percent were able, or willing, to quantify their financial losses.
These firms cited losses of $266 million, which represents a significant increase over the average annual total for the past three years of $120.2 million.
Something for Feds To Sink Their Teeth Into
U.S. Attorney General Janet Reno has called cracking down on cybercrime “one of the most critical issues that law enforcement has ever faced.” She has also asked for an additional $37 million to battle online crime.
Bruce Gebhardt, head of the FBI’s Northern California office, said, “The results of the CSI/FBI survey provide us with valuable data.”
He added, “This information not only has been shared with Congress to underscore the need for additional investigative resources on a national level, but identifies emerging crime trends and helps us decide how best to proactively — and aggressively — assign resources, before those trends become crises.”
Gebhardt also believes that law enforcement needs to switch gears if it is going to be successful in fighting cybercrime. He said, “If the FBI and other law enforcement agencies are to be successful in combating this continually increasing problem, we cannot always be placed in a reactive mode, responding to computer crises as they happen.”