I can tell just from the calls that I get that cybercrime is on the rise. Last week the FBI issued results of a corporate survey inquiring into the incidence and impact of cybercrime on American businesses. Some of the key findings:

Frequency of attacks.
Nearly nine out of 10 organizations experienced computer security incidents in a year’s time; 20% of them indicated they had experienced 20 or more attacks.

Types of attacks.
Viruses (83.7%) and spyware (79.5%) headed the list. More than one in five organizations said they experienced port scans and network or data sabotage.

Financial impact.
Over 64% of the respondents incurred a loss. Viruses and worms cost the most, accounting for $12 million of the $32 million in total losses.

Sources of the attacks.
They came from 36 different countries. The U.S. (26.1%) and China (23.9%) were the source of over half of the intrusion attempts, though masking technologies make it difficult to get an accurate reading.

Defenses.
Most said they installed new security updates and software following incidents, but advanced security techniques such as biometrics (4%) and smart cards (7%) were used infrequently. In addition, 44% reported intrusions from within their own organizations, suggesting the need for strong internal controls.

Reporting.
Just 9% said they reported incidents to law enforcement, believing the infractions were not illegal or that there was little law enforcement could or would do. Of those reporting, however, 91% were satisfied with law enforcement’s response. And 81% said they’d report future incidents to the FBI or other law enforcement agencies. Many also said they were unaware of InfraGard, a joint FBI/private sector initiative that battles computer crimes and other threats through information sharing.

I find it interesting that, despite the massive losses involved ($32 million from 2/3 of those surveyed), only 9% of victimized companies bothered to report the crimes to police. Can you imagine this kind of reporting if the topic were embezzlement or internal theft? The reasons probably have to do with feared publicity and the hit to public confidence in internal data systems if word got out that the companies were hit by hackers. And rightly so. It’s easy for me to imagine that most of these attacks probably took advantage of lax security in the first place.

Read the FBI report here.

RP

This entry was posted on Monday, January 23rd, 2006 at 7:52 pm and is filed under News, Cybercrime. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.