Headline Archives

   

CALLING ALL BUSINESS PROFESSIONALS
What's the Current State of Computer Network Security?

07/25/05

2005 CSI/FBI Computer Crime and Security SurveyThanks to the Computer Security Institute (CSI), we have some pretty good answers to that question.

Please read below for highlights from the 2005 CSI/FBI Computer Crime and Security Survey, based on responses from 700 U.S. corporations, government agencies, financial and medical institutions, and universities. This is our 10th annual survey in the information security field and, after reading it, we urge you to report to us any and all computer intrusions your company may experience.

1. Total financial losses from attacks have declined dramatically. Down 61% on a per-respondent basis from last year, but still reportedly $130M. What kinds of attacks? Virus attacks are #1; unauthorized access is #2; theft of proprietary information #3; and denial of service attacks a distant #4.

2. Attacks on computer systems or (detected) misuse of these systems have been slowly but steadily decreasing in all areas. Exception to the rule: a slight increase in the abuse of wireless networks.

3. Defacements of Internet websites have increased dramatically. 95% of organizations experienced more than 10 website incidents in 2004.

4. "Inside jobs" occur about as often as external attacks. The lesson is—anticipate attacks from all quarters.

5. Organizations largely defend their systems through firewalls, anti-virus software, intrusion detection systems, and server-based access control lists. Use of smart cards and other one-time password tokens increased, while use of intrusion prevention systems decreased.

6. More organizations are conducting security audits to serve as a baseline for a meaningful security program. 87% had conducted one.

7. Computer security investments per employee vary widely. State governments lead the pack at $497, followed, in descending order, by utilities, transportation, telecommuications, manufacturing, and high tech down to the federal goverment at $49.

8. Despite continuing discussion, there has been no increased use by organizations of outsourcing cybersecurity or using insurance to manage risks.

All good things to mull as you're reviewing your own computer network security. But please keep in mind we've only given you highlights. To get all the details, we encourage you to read the full report.

Resources: Computer Security Institute | FBI InfraGard program | Reporting Internet Crime | San Francisco FBI Computer Crimes