Re: [secedu] [iwar] "Issues and Trends:2000 CSI/FBI Computer Crime and Security Survey," (fwd)


From: David_Spinks
From: david.spinks@aeat.co.uk
To: secedu@egroups.com

Tue, 18 Apr 2000 17:06:49 +0100



Dear Readers

Surely the results of this survey are available via internet? Over
the last week two surveys have been released in the UK, one by KPMG
and one by the UK government DTI.

DTI Report:

http://www.dti.gov.uk/cii/dtigreen/dti_site_site/index.html

The KPMG report is on CD-ROM

Should we not be able to compare these statistics UK/USA?

For those of us who are Security Professionals the results of
these surveys provide one of the LIKELIHOOD metrics necessary when
undertaking essential Risk Assessment studies.

For more information on what's going on in Information Security in
the UK contact me direct.

regards

David Spinks

david.spinks@dspinks41.freeserve.co.uk

Chairman - E-Com-Sec


David Spinks
----- Original Message -----
From: Fred Cohen 
To: 
Sent: 18 April 2000 14:31
Subject: [secedu] [iwar] "Issues and Trends:2000 CSI/FBI Computer
Crime and Security Survey," (fwd)


> Subject: [iwar] "Issues and Trends:2000 CSI/FBI Computer Crime
> and Security Survey,"
>
>  Mar 22,2000
>  FOR IMMEDIATE RELEASE
>  Contact: Patrice Rapalus, Director
>  Computer Security Institute
>  600 Harrison Street
>  San Francisco, CA 94107
>  415/905-2310
>  Internet: prapalus@cmp.com
>
> Ninety percent of survey respondents detect cyber attacks, 273
> organizations report $265,589,940 in financial losses.
>
> SAN FRANCISCO -- The Computer Security Institute (CSI) announced today
> the results of its fifth annual "Computer Crime and Security Survey."
> The "Computer Crime and Security Survey" is conducted by CSI with the
> participation of the San Francisco Federal Bureau of Investigation's
> (FBI) Computer Intrusion Squad. The aim of this effort is to raise the
> level of security awareness, as well as help determine the scope of
> computer crime in the United States.
>
> Highlights of the "2000 Computer Crime and Security Survey" include
> the following:
>
> Ninety percent of respondents (primarily large corporations and
> government agencies) detected computer security breaches within the
> last twelve months.
>
> Seventy percent reported a variety of serious computer security
> breaches other than the most common ones of computer viruses, laptop
> theft or employee "net abuse"--for example, theft of proprietary
> information, financial fraud, system penetration from outsiders,
> denial of service attacks and sabotage of data or networks.
>
> Seventy-four percent acknowledged financial losses due to computer
> breaches.
>
> Forty-two percent were willing and/or able to quantify their financial
> losses. The losses from these 273 respondents totaled $265,589,940
> (the average annual total over the last three years was $120,240,180).
>
> Financial losses in eight of twelve categories were larger than in any
> previous year. Furthermore, financial losses in four categories were
> higher than the combined total of the three previous years. For
> example, 61 respondents quantified losses due to sabotage of data or
> networks for a total of $27,148,000. The total financial losses due to
> sabotage for the previous years combined totaled only $10,848,850.
>
> As in previous years, the most serious financial losses occurred
> through theft of proprietary information (66 respondents reported
> $66,708,000) and financial fraud (53 respondents reported
> $55,996,000).
>
> Survey results illustrate that computer crime threats to large
> corporations and government agencies come from both inside and outside
> their electronic perimeters, confirming the trend in previous years.
> Seventy-one percent of respondents detected unauthorized access by
> insiders. But for the third year in a row, more respondents (59%)
> cited their Internet connection as a frequent point of attack than
> cited their internal systems as a frequent point of attack (38%).
>
> Based on responses from 643 computer security practitioners in U.S.
> corporations, government agencies, financial institutions, medical
> institutions and universities, the findings of the "2000 Computer
> Crime and Security Survey" confirm that the threat from computer crime
> and other information security breaches continues unabated and that
> the financial toll is mounting.
>
> Respondents detected a wide range of attacks and abuses. Here are some
> other examples:
>
> 25% of respondents detected system penetration from the outside.
>
> 27% of respondents detected denial of service attacks.
>
> 79% detected employee abuse of Internet access privileges (for
> example, downloading pornography or pirated software, or inappropriate
> use of e-mail systems).
>
> 85% detected computer viruses.
>
> For the second year, we asked some questions about electronic commerce
> over the Internet. Here are some of the results:
>
> 93% of respondents have WWW sites.
>
> 43% conduct electronic commerce on their sites (in 1999, it was
> only 30%).
>
> 19% suffered unauthorized access or misuse within the last twelve
> months.
>
> 32% said that they didn't know if there had been unauthorized access
> or misuse.
>
> 35% of those acknowledging attack, reported from two to five
> incidents.
>
> 19% reported ten or more incidents.
>
> 64% of those acknowledging an attack reported Web-site vandalism.
>
> 60% reported denial of service.
>
> 8% reported theft of transaction information.
>
> 3% reported financial fraud.
>
> Patrice Rapalus, CSI Director, suggests that the "Computer Crime and
> Security Survey," now in its fifth year, has delivered on its promise
> to raise the level of security awareness and help determine the scope
> of crime in the United States.
>
> "The trends the CSI/FBI survey has highlighted over the years are
> disturbing. Cyber crimes and other information security breaches are
> widespread and diverse. Ninety percent of respondents reported
> attacks. Furthermore, such incidents can result in serious damages.
> The 273 organizations that were able to quantify their losses reported
> a total of $265,589,940. Clearly, more must be done in terms of
> adherence to sound practices, deployment of sophisticated
> technologies, and most importantly adequate staffing and training of
> information security practitioners in both the private sector and
> government."
>
> Bruce J. Gebhardt is in charge of the FBI's Northern California
> office. Based in San Francisco, his division covers fifteen counties,
> including the continually expanding "Silicon Valley" area. Computer
> crime is one of his biggest challenges.
>
> "If the FBI and other law enforcement agencies are to be successful in
> combating this continually increasing problem, we cannot always be
> placed in a reactive mode, responding to computer crises as they
> happen. The results of the CSI/FBI survey provide us with valuable
> data. This information not only has been shared with Congress to
> underscore the need for additional investigative resources on a
> national level but identifies emerging crime trends and helps me
> decide how best to proactively, and aggressively assign resources,
> before those 'trends' become 'crises.'"
>
>                                                ###
>
> CSI, established in 1974, is a San Francisco-based association of
> information security professionals. It has thousands of members
> worldwide and provides a wide variety of information and education
> programs to assist practitioners in protecting the information assets
> of corporations and governmental organizations.
>
> The FBI, in response to an expanding number of instances in which
> criminals have targeted major components of information and economic
> infrastructure systems, has established the National Infrastructure
> Protection Center (NIPC) located at FBI headquarters and the Regional
> Computer Intrusion Squads located in selected offices throughout the
> United States. The NIPC, a joint partnership among federal agencies
> and private industry, is designed to serve as the government's lead
> mechanism for preventing and responding to cyber attacks on the
> nation's infrastructures. (These infrastructures include
> telecommunications, energy, transportation, banking and finance,
> emergency services and government operations). The mission of Regional
> Computer Intrusion Squads is to investigate violations of Computer
> Fraud and Abuse Act (Title 8, Section 1030), including intrusions to
> public switched networks, major computer network intrusions, privacy
> violations, industrial espionage, pirated computer software and other
> crimes
>
> Copyright 2000
> Computer Security Institute
> 600 Harrison Street
> San Francisco, CA 94107
> Telephone: (415) 905-2626
> Fax: (415) 905-2218.
