By Rachel Chalmers
Penetration of US corporate information systems by outsiders has increased for the third year in a row, according to a computer crime and security survey conducted by the Computer Security Institute (CSI) with the participation of the San Francisco Federal Bureau of Investigation (FBI) Computer Intrusion Squad. Nearly a third of respondents to the survey reported that such intrusions had taken place on their networks. More and more companies are finding that their internet connection is the weak link; 57% reported internet-based attacks this year, up from 37% last year.
Unauthorized access by insiders also rose for the third straight year, affecting 55% of respondents. The CSI said it is encouraged by the fact that more companies are reporting these attacks to the relevant authorities: 32% of respondents to the current survey, compared with 17% in each of the past three years. Monetary losses attributed to breaches of computer security reached $123,779,000. The most serious losses – $42,496,000 worth – were incurred when proprietary information was stolen from 23 respondents, although financial fraud cost 27 respondents a total of $39,706,000.
CSI director Patrice Rapalus urges organizations to pay more attention to IT security staffing and training. It is interesting to note that while many respondents answered ‘yes’ to the use of sophisticated security technologies, serious breaches continue to increase, Rapalus observes. Meanwhile Michael Vatis, director of the National Infrastructure Protection Center at FBI HQ in Washington DC, calls for better information sharing between the victims of computer security breaches. Only by sharing information about incidents and threats and exploited vulnerabilities can we begin to stem the rising tide of illegal activity on networks and protect our nation’s critical infrastructure from destructive cyber attacks, Vatis says.
