Cyber Security Institute

Wednesday, July 13, 2005

Cyber Crime Rates, Losses Fall, Says Survey

A downward turn in overall cyber crime has hit its fourth year, said the 10th-annual survey on computer crime released Thursday, and average financial losses have tumbled by more than half. The yearly survey, which is conducted by the Computer Security Institute (CSI) in coordination with the FBI, found that the average dollar amount pegged to a security breach fell by a whopping 61 percent compared to 2004, when the loss per polled company or government agency was estimated at $526,000.

Even more important, said Robert Richardson, the editorial director of CSI and the author of the report based on the poll, was the finding that the percentage of those polled who have experienced attacks of various types continued to tail off in 2004.

Most categories of cyber crimes have been on the downturn since 2001, the survey’s figures show, with the biggest drop found in denial-of-service (DoS) attacks.  In 2001, DoS attacks were experienced by over 90 percent of those polled; in 2005, fewer than 50 percent said they’d been the victim of a DoS attack in the last 12 months.  “It’s a four-year trend now, which is good news,” said Richardson.

Losses reported per respondent due to unauthorized access crimes were up a huge 580 percent in 2005 over 2004, while theft of proprietary information because of a security breach rose 211 percent. “This is where you see the spike related to things like identity theft,” said Richardson.

“When Acme Credit Card Authorization Transaction Co. finds out they’ve had an intruder who may have stolen records, that’s certainly a bad thing, but while that discovery is going on, credit card transactions are still being processed.” Acme’s explicit loss, which is what this survey measures, may be the cost of assessing the damage, which would probably be small. What may not be small would be the loss due to customers lost because of that disclosure.

Another thing that can’t be gleaned from the survey, said Richardson, is a solid risk assessment of current dangers, even though that might be tempting.  “The wrong thing to take away [from the positive data here] is that the risk of attack has dropped,” he said.

“Security breaches, especially when widely publicized, can be disastrous, both in terms of customer relations and financial results, such as a loss of market capitalization due to bad publicity.  What you can take away from this year’s survey is that we’re getting better at handling the routine security stuff, but not the much more aggressive attacks,” he continued.  “Why? Because we haven’t seen one, not the kind that people keep predicting will sweep through the Internet before companies can react.”

http://www.techweb.com/wire/security/165702436

Posted on 07/13
Statistics