FBI: Cybercrime rising
Yet fewer companies reporting incidents
(CNN) -- Cybercrime is on the rise throughout the United States, but many of those attacks are not being reported to the authorities, suggests a new report released Sunday by the FBI and the Computer Security Institute (CSI).
In the seventh annual "Computer Crime and Security Survey," about 90 percent of respondents detected a security breach within the last 12 months. However, only 34 percent reported the intrusions to law enforcement officials. This compares to 36 percent reporting incidents in 2001 and 25 percent in 2000.
"There is much more illegal and unauthorized activity going on in cyberspace than corporations admit to their clients, stockholders and business partners or report to law enforcement," said Patrice Rapalus, director of the CSI, which prepared the survey with the FBI's Computer Intrusion Squad in San Francisco, California.
A private organization based in San Francisco that trains and educates its thousands of members on computer and network security issues, CSI describes itself as an advocate for "the critical importance of protecting information assets."
Participating in the survey were 503 security practitioners from corporations, government agencies, financial and medical institutions and universities. The names of the groups were not released.
Narrowing the gap between the number of cyberattacks in the private sector and the total reported to federal authorities has long been a goal of security professionals. Many firms cite the fear of bad publicity for their reluctance to alert authorities, while others prefer not to divulge any proprietary information to investigators.
Those practices need to stop, said Bruce Gebhardt, a former FBI special agent in-charge at the San Francisco office and now executive assistant director of the FBI.
"Now, more than ever, the government and private sector need to work together to share information and be more cognitive of information security so that our nation's critical infrastructures are protected from cyberterrorists," Gebhardt said.
Millions of dollars lost
The latest survey's findings' conclusions are comparable to those drawn by earlier reports. The most serious financial losses from cybercrimes occurred through theft of proprietary information and financial fraud -- $170 million and $115 million, respectively.
But not even half of the respondents (44 percent or 223 respondents) were willing or able to quantify their financial losses.
The total amount reportedly lost to cybercrime was $455.8 million, which compares with $378 million in 2001 and $265 in 2000. Overall, 80 percent of the companies that participated acknowledged financial some form of financial losses due to computer breaches.
Results of the 2002 survey also continued to challenge the notion that internal threats are greater than outside ones, said Rapalus.
According to the survey, twice as many respondents cited their Internet connection as a more frequent point of attack as those who said assaults came from within their internal systems.
The type of cyberattacks ranged from simple defacement of a Web site (similar to spraying graffiti on a front door) to denial-of-service attacks, which are meant to overwhelm a site and render it unusable. Eighty-five percent said they had been hit with some type of computer virus.
Company workers were also found to have caused mischief, as 78 percent of the respondents said they had detected some form of employee abuse over the Internet, including downloading pornography, accessing pirated software or inappropriate use of e-mail. This finding is actually down from last year when 91 percent of employees were found to have committed similar abuses.
However, financial losses due to these employee abuses actually increased, from $35 million to $50 million.
Report: Firms want computer forensics training
March 1, 2002
NIPC head: Communication key and must be improved
February 5, 2002
Microsoft hires former DOJ cybercop
February 1, 2002
Cybersecurity czar: Protect IT infrastructure
November 9, 2001
Study: Many UK businesses prey to cybercrime
August 30, 2001
Ashcroft sets sights on cybercrime
July 24, 2001
Analysis: Insiders a major security threat
July 11, 2001
Legislation urged to protect corporate data
June 18, 2001
Denial-of-service warning issued by FBI
May 8, 2001
Study: Most in U.S. want stronger cybercrime laws
April 3, 2001
Survey: Costs of computer security breaches soar
March 12, 2001
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
TECHNOLOGY TOP STORIES:
Report: SUVs pose danger to cars
New telemarketer tool trumps TeleZapper
Terra Lycos logs $2.2B loss
AOL to offer song downloads
Microsoft seeks fiscal fountain of youth
|Back to the top|