[iwar] "Issues and Trends:2000 CSI/FBI Computer Crime and Security Survey,"
From: Robert W. Miller
From: snooker@iex.net
To: iwar@onelist.com
Tue, 18 Apr 2000 07:04:06 -0600
fc Tue Apr 18 06:09:14 2000
Received: from 207.222.214.225
by localhost with POP3 (fetchmail-5.1.0)
for fc@localhost (single-drop); Tue, 18 Apr 2000 06:09:14 -0700 (PDT)
Received: by multi33.netcomi.com for fc
(with Netcom Interactive pop3d (v1.21.1 1998/05/07) Tue Apr 18 13:09:15 2000)
X-From_: sentto-279987-302-fc=all.net@returns.onelist.com Tue Apr 18 08:08:43 2000
Received: from fi.egroups.com (fi.egroups.com [207.138.41.182]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id IAA02970 for ; Tue, 18 Apr 2000 08:08:43 -0500
X-eGroups-Return: sentto-279987-302-fc=all.net@returns.onelist.com
Received: from [10.1.10.37] by fi.egroups.com with NNFMP; 18 Apr 2000 13:08:41 -0000
Received: (qmail 15249 invoked from network); 18 Apr 2000 13:04:44 -0000
Received: from unknown (10.1.10.27) by m3.onelist.org with QMQP; 18 Apr 2000 13:04:44 -0000
Received: from unknown (HELO mail.iex.net) (192.156.196.5) by mta2 with SMTP; 18 Apr 2000 13:04:44 -0000
Received: from oemcomputer (p92-s8.cos1-ras.iex.net [209.151.65.188]) by mail.iex.net (8.9.1/8.9.1) with SMTP id GAA29897 for ; Tue, 18 Apr 2000 06:54:33 -0600 (MDT)
To:
Message-ID:
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe:
Date: Tue, 18 Apr 2000 07:04:06 -0600
X-eGroups-From: "Robert W. Miller"
From: "Robert W. Miller"
Reply-To: iwar@egroups.com
Subject: [iwar] "Issues and Trends:2000 CSI/FBI Computer Crime and Security Survey,"
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Mar 22,2000
FOR IMMEDIATE RELEASE
Contact: Patrice Rapalus, Director
Computer Security Institute
600 Harrison Street
San Francisco, CA 94107
415/905-2310
Internet: prapalus@cmp.com
Ninety percent of survey respondents detect cyber attacks, 273
organizations report $265,589,940 in financial losses.
SAN FRANCISCO -- The Computer Security Institute (CSI) announced today
the results of its fifth annual "Computer Crime and Security Survey."
The "Computer Crime and Security Survey" is conducted by CSI with the
participation of the San Francisco Federal Bureau of Investigation's
(FBI) Computer Intrusion Squad. The aim of this effort is to raise the
level of security awareness, as well as help determine the scope of
computer crime in the United States.
Highlights of the "2000 Computer Crime and Security Survey" include
the following:
Ninety percent of respondents (primarily large corporations and
government agencies) detected computer security breaches within the
last twelve months.
Seventy percent reported a variety of serious computer security
breaches other than the most common ones of computer viruses, laptop
theft or employee "net abuse"--for example, theft of proprietary
information, financial fraud, system penetration from outsiders,
denial of service attacks and sabotage of data or networks.
Seventy-four percent acknowledged financial losses due to computer
breaches.
Forty-two percent were willing and/or able to quantify their financial
losses. The losses from these 273 respondents totaled $265,589,940
(the average annual total over the last three years was $120,240,180).
Financial losses in eight of twelve categories were larger than in any
previous year. Furthermore, financial losses in four categories were
higher than the combined total of the three previous years. For
example, 6I respondents quantified losses due to sabotage of data or
networks for a total of $27,148,000. The total financial losses due to
sabotage for the previous years combined totaled only $10,848,850.
As in previous years, the most serious financial losses occurred
through theft of proprietary information (66 respondents reported
$66,708,000) and financial fraud (53 respondents reported
$55,996,000).
Survey results illustrate that computer crime threats to large
corporations and government agencies come from both inside and outside
their electronic perimeters, confirming the trend in previous years.
Seventy-one percent of respondents detected unauthorized access by
insiders. But for the third year in a row, more respondents (59%)
cited their Internet connection as a frequent point of attack than
cited their internal systems as a frequent point of attack (38%).
Based on responses from 643 computer security practitioners in U.S.
corporations, government agencies, financial institutions, medical
institutions and universities, the findings of the "2000 Computer
Crime and Security Survey" confirm that the threat from computer crime
and other information security breaches continues unabated and that
the financial toll is mounting.
Respondents detected a wide range of attacks and abuses. Here are some
other examples:
25% of respondents detected system penetration from the outside.
27% of respondents detected denial of service attacks.
79% detected employee abuse of Internet access privileges (for
example, downloading pornography or pirated software, or inappropriate
use of e-mail systems).
85% detected computer viruses.
For the second year, we asked some questions about electronic commerce
over the Internet. Here are some of the results:
93% of respondents have WWW sites.
43% conduct electronic commerce on their sites (in 1999, only it was
only 30%).
19% suffered unauthorized access or misuse within the last twelve
months.
32% said that they didn't know if there had been unauthorized access
or misuse.
35% of those acknowledging attack, reported from two to five
incidents.
19% reported ten or more incidents.
64% of those acknowledging an attack reported Web-site vandalism.
60% reported denial of service.
8% reported theft of transaction information.
3% reported financial fraud.
Patrice Rapalus. CSI Director, suggests that the "Computer Crime and
Security Survey," now in its fifth year, has delivered on its promise
to raise the level of security awareness and help determine the scope
of crime in the United States.
"The trends the CSI/FBI survey has highlighted over the years are
disturbing. Cyber crimes and other information security breaches are
widespread and diverse. Ninety percent of respondents reported
attacks. Furthermore, such incidents can result in serious damages.
The 273 organizations that were able to quantify their losses reported
a total of $265,589,940. Clearly,
more must be done in terms of adherence to sound practices, deployment
of sophisticated technologies, and most importantly adequate staffing
and training of information security practitioners in both the private
sector and government."
Bruce J. Gebhardt is in charge of the FBI's Northern California
office. Based in San Francisco, his division covers fifteen counties,
including the continually expanding "Silicon Valley" area. Computer
crime is one of his biggest challenges.
"If the FBI and other law enforcement agencies are to be successful in
combating this continually increasing problem, we cannot always be
placed in a reactive mode, responding to computer crises as they
happen. The results of the CSI/FBI survey provide us with valuable
data. This information not only has been shared with Congress to
underscore the need for additional
investigative resources on a national level but identifies emerging
crime trends and helps me decide how best to proactively, and
aggressively assign resources, before those 'trends' become 'crises.'"
###
CSI, established in 1974, is a San Francisco-based association of
information security professionals. It has thousands of members
worldwide and provides a wide variety of information and education
programs to assist practitioners in protecting the information assets
of corporations and governmental organizations.
The FBI, in response to an expanding number of instances in which
criminals have targeted major components of information and economic
infrastructure systems, has established the National Infrastructure
Protection Center (NIPC) located at FBI headquarters and the Regional
Computer Intrusion Squads located in selected offices throughout the
United States. The NIPC, a joint partnership among federal agencies
and private industry, is designed to serve as the government's lead
mechanism for preventing and responding to cyber attacks on the
nation's infrastructures. (These infrastructures include
telecommunications, energy, transportation, banking and finance,
emergency services and government operations). The mission of Regional
Computer Intrusion Squads is to investigate violations of Computer
Fraud and Abuse Act (Title 8, Section 1030), including intrusions to
public switched networks, major computer network intrusions, privacy
violations, industrial espionage, pirated computer software and other
crimes
Copyright 2000
Computer Security Institute
600 Harrison Street
San Francisco, CA 94107
Telephone: (415) 905-2626
Fax: (415) 905-2218.
Det. Robert W. Miller
Colorado Internet Crimes Against
Children Task Force
Pueblo High Tech. Crime Unit
Pueblo County Sheriff's Office
320 S. Joe Martinez Blvd.
Pueblo West, CO. 81007
Tel (719)583-4736
FAX (719)583-4732
mailto:snooker@iex.net
mailto:cicactf@iex.net
http://www.co.pueblo.co.us/sheriff/
PGP key available at: http://pgpkeys.mit.edu:11371/
search on snooker@iex.net
------------------------------------------------------------------------
Enjoy the award-winning journalism of The New York Times with
convenient home delivery. And for a limited time, get 50% off for the
first 8 weeks by subscribing. Pay by credit card and receive an
additional 4 weeks at this low introductory rate.
http://click.egroups.com/1/3102/7/_/595019/_/956063321/
------------------------------------------------------------------------
------------------
http://all.net/