Re: [secedu] [iwar] "Issues and Trends:2000 CSI/FBI Computer Crime and Security Survey," (fwd)


From: David Spinks
From: david.spinks@dspinks41.freeserve.co.uk
To: secedu@egroups.com

Tue, 18 Apr 2000 19:49:51 +0100


fc  Tue Apr 18 11:52:13 2000
Received: from 207.222.214.225
	by localhost with POP3 (fetchmail-5.1.0)
	for fc@localhost (single-drop); Tue, 18 Apr 2000 11:52:13 -0700 (PDT)
Received: by multi33.netcomi.com for fc
 (with Netcom Interactive pop3d (v1.21.1 1998/05/07) Tue Apr 18 18:52:07 2000)
X-From_: sentto-310457-120-fc=all.net@returns.onelist.com  Tue Apr 18 13:51:36 2000
Received: from fk.egroups.com (fk.egroups.com [208.50.144.73]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id NAA03631 for ; Tue, 18 Apr 2000 13:51:36 -0500
X-eGroups-Return: sentto-310457-120-fc=all.net@returns.onelist.com
Received: from [10.1.10.35] by fk.egroups.com with NNFMP; 18 Apr 2000 18:51:40 -0000
Received: (qmail 13330 invoked from network); 18 Apr 2000 18:51:39 -0000
Received: from unknown (10.1.10.26) by m1.onelist.org with QMQP; 18 Apr 2000 18:51:39 -0000
Received: from unknown (HELO qg.egroups.com) (10.1.2.27) by mta1 with SMTP; 18 Apr 2000 18:51:39 -0000
Received: (qmail 21469 invoked from network); 18 Apr 2000 18:51:39 -0000
Received: from cmailg7.svr.pol.co.uk (195.92.195.177) by qg.egroups.com with SMTP; 18 Apr 2000 18:51:39 -0000
Received: from modem-102.eledhwen.dialup.pol.co.uk ([62.136.182.102] helo=it017923) by cmailg7.svr.pol.co.uk with smtp (Exim 3.13 #0) id 12hd5z-0004bH-00 for secedu@egroups.com; Tue, 18 Apr 2000 19:51:35 +0100
Message-ID: <000101bfa967$12d77920$66b6883e@it017923>
To: 
References: <200004181331.GAA15654@all.net>
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
MIME-Version: 1.0
Mailing-List: list secedu@egroups.com; contact secedu-owner@egroups.com
Delivered-To: mailing list secedu@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Tue, 18 Apr 2000 19:49:51 +0100
X-eGroups-From: "David Spinks" 
From: "David Spinks" 
Reply-To: secedu@egroups.com
Subject: Re: [secedu] [iwar] "Issues and Trends:2000 CSI/FBI Computer Crime and Security Survey," (fwd)  
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Dear Readers

Sorry I should have also given KPMG URL which is :

http://www.kpmg.co.uk/

regards

David Spinks


----- Original Message -----
From: Fred Cohen 
To: 
Sent: 18 April 2000 14:31
Subject: [secedu] [iwar] "Issues and Trends:2000 CSI/FBI Computer
Crime and Security Survey," (fwd)


> Subject: [iwar] "Issues and Trends:2000 CSI/FBI Computer Crime
and Security Survey,"
>
>  Mar 22,2000
>  FOR IMMEDIATE RELEASE
>  Contact: Patrice Rapalus, Director
>  Computer Security Institute
>  600 Harrison Street
>  San Francisco, CA 94107
>  415/905-2310
>  Internet: prapalus@cmp.com
>
> Ninety percent of survey respondents detect cyber attacks, 273
> organizations report $265,589,940 in financial losses.
>
> SAN FRANCISCO -- The Computer Security Institute (CSI) announced
today
> the results of its fifth annual "Computer Crime and Security
Survey."
> The "Computer Crime and Security Survey" is conducted by CSI
with the
> participation of the San Francisco Federal Bureau of
Investigation's
> (FBI) Computer Intrusion Squad. The aim of this effort is to
raise the
> level of security awareness, as well as help determine the scope
of
> computer crime in the United States.
>
> Highlights of the "2000 Computer Crime and Security Survey"
include
> the following:
>
> Ninety percent of respondents (primarily large corporations and
> government agencies) detected computer security breaches within
the
> last twelve months.
>
> Seventy percent reported a variety of serious computer security
> breaches other than the most common ones of computer viruses,
laptop
> theft or employee "net abuse"--for example, theft of proprietary
> information, financial fraud, system penetration from outsiders,
> denial of service attacks and sabotage of data or networks.
>
> Seventy-four percent acknowledged financial losses due to
computer
> breaches.
>
> Forty-two percent were willing and/or able to quantify their
financial
> losses. The losses from these 273 respondents totaled
$265,589,940
> (the average annual total over the last three years was
$120,240,180).
>
> Financial losses in eight of twelve categories were larger than
in any
> previous year. Furthermore, financial losses in four categories
were
> higher than the combined total of the three previous years. For
> example, 6I respondents quantified losses due to sabotage of
data or
> networks for a total of $27,148,000. The total financial losses
due to
> sabotage for the previous years combined totaled only
$10,848,850.
>
> As in previous years, the most serious financial losses occurred
> through theft of proprietary information (66 respondents
reported
> $66,708,000) and financial fraud (53 respondents reported
> $55,996,000).
>
> Survey results illustrate that computer crime threats to large
> corporations and government agencies come from both inside and
outside
> their electronic perimeters, confirming the trend in previous
years.
> Seventy-one percent of respondents detected unauthorized access
by
> insiders. But for the third year in a row, more respondents
(59%)
> cited their Internet connection as a frequent point of attack
than
> cited their internal systems as a frequent point of attack
(38%).
>
> Based on responses from 643 computer security practitioners in
U.S.
> corporations, government agencies, financial institutions,
medical
> institutions and universities, the findings of the "2000
Computer
> Crime and Security Survey" confirm that the threat from computer
crime
> and other information security breaches continues unabated and
that
> the financial toll is mounting.
>
> Respondents detected a wide range of attacks and abuses. Here
are some
> other examples:
>
> 25% of respondents detected system penetration from the outside.
>
> 27% of respondents detected denial of service attacks.
>
> 79% detected employee abuse of Internet access privileges (for
> example, downloading pornography or pirated software, or
inappropriate
> use of e-mail systems).
>
> 85% detected computer viruses.
>
> For the second year, we asked some questions about electronic
commerce
> over the Internet. Here are some of the results:
>
> 93% of respondents have WWW sites.
>
> 43% conduct electronic commerce on their sites (in 1999, only it
was
> only 30%).
>
> 19% suffered unauthorized access or misuse within the last
twelve
> months.
>
> 32% said that they didn't know if there had been unauthorized
access
> or misuse.
>
> 35% of those acknowledging attack, reported from two to five
> incidents.
>
> 19% reported ten or more incidents.
>
> 64% of those acknowledging an attack reported Web-site
vandalism.
>
> 60% reported denial of service.
>
> 8% reported theft of transaction information.
>
> 3% reported financial fraud.
>
> Patrice Rapalus. CSI Director, suggests that the "Computer Crime
and
> Security Survey," now in its fifth year, has delivered on its
promise
> to raise the level of security awareness and help determine the
scope
> of crime in the United States.
>
> "The trends the CSI/FBI survey has highlighted over the years
are
> disturbing. Cyber crimes and other information security breaches
are
> widespread and diverse. Ninety percent of respondents reported
> attacks. Furthermore, such incidents can result in serious
damages.
> The 273 organizations that were able to quantify their losses
reported
> a total of $265,589,940. Clearly,
> more must be done in terms of adherence to sound practices,
deployment
> of sophisticated technologies, and most importantly adequate
staffing
> and training of information security practitioners in both the
private
> sector and government."
>
> Bruce J. Gebhardt is in charge of the FBI's Northern California
> office. Based in San Francisco, his division covers fifteen
counties,
> including the continually expanding "Silicon Valley" area.
Computer
> crime is one of his biggest challenges.
>
> "If the FBI and other law enforcement agencies are to be
successful in
> combating this continually increasing problem, we cannot always
be
> placed in a reactive mode, responding to computer crises as they
> happen. The results of the CSI/FBI survey provide us with
valuable
> data. This information not only has been shared with Congress to
> underscore the need for additional
> investigative resources on a national level but identifies
emerging
> crime trends and helps me decide how best to proactively, and
> aggressively assign resources, before those 'trends' become
'crises.'"
>
>                                                ###
>
> CSI, established in 1974, is a San Francisco-based association
of
> information security professionals. It has thousands of members
> worldwide and provides a wide variety of information and
education
> programs to assist practitioners in protecting the information
assets
> of corporations and governmental organizations.
>
> The FBI, in response to an expanding number of instances in
which
> criminals have targeted major components of information and
economic
> infrastructure systems, has established the National
Infrastructure
> Protection Center (NIPC) located at FBI headquarters and the
Regional
> Computer Intrusion Squads located in selected offices throughout
the
> United States. The NIPC, a joint partnership among federal
agencies
> and private industry, is designed to serve as the government's
lead
> mechanism for preventing and responding to cyber attacks on the
> nation's infrastructures. (These infrastructures include
> telecommunications, energy, transportation, banking and finance,
> emergency services and government operations). The mission of
Regional
> Computer Intrusion Squads is to investigate violations of
Computer
> Fraud and Abuse Act (Title 8, Section 1030), including
intrusions to
> public switched networks, major computer network intrusions,
privacy
> violations, industrial espionage, pirated computer software and
other
> crimes
>
> Copyright 2000
> Computer Security Institute
> 600 Harrison Street
> San Francisco, CA 94107
> Telephone: (415) 905-2626
> Fax: (415) 905-2218.
>
> ----------------------------------------------------------------
--------
> Avoid the lines and visit avis.com for quick and easy online
> reservations. Enjoy a compact car nationwide for only $29 a day!
> Click here for more details.
> http://click.egroups.com/1/3011/6/_/615574/_/956064998/
> ----------------------------------------------------------------
--------
>
> Community email addresses:
>   Post message: secedu@onelist.com
>   Subscribe:    secedu-subscribe@onelist.com
>   Unsubscribe:  secedu-unsubscribe@onelist.com
>   List owner:   secedu-owner@onelist.com
>
> Shortcut URL to this page:
>   http://www.onelist.com/community/secedu
>



------------------------------------------------------------------------
Join Garden.com's affiliate program and enjoy numerous benefits. 
To learn more click here:
http://click.egroups.com/1/2753/6/_/615574/_/956083900/
------------------------------------------------------------------------

Community email addresses:
  Post message: secedu@onelist.com
  Subscribe:    secedu-subscribe@onelist.com
  Unsubscribe:  secedu-unsubscribe@onelist.com
  List owner:   secedu-owner@onelist.com

Shortcut URL to this page:
  http://www.onelist.com/community/secedu