Computer Crime Research Center

logo/2004.jpg

FBI publishes computer crime and security stats

Date: August 05, 2004
Source: The Register
By: Fran Howarth, IT-Analysis

Every year for the past nine years, the Computer Security Institute and the FBI undertake a computer crime and security survey among companies and institutions in the US. These surveys provide interesting insights into the level of computer crime being experienced by companies, as well as how they are responding to security breaches.

Computer security has evolved from being purely the domain of IT resources to the point now where even the board of a company take an interest. This growing concern about security has come about as the internet has emerged to be a ubiquitous business tool. When the CSI and FBI started performing this survey in the mid-1990s, computer security concerns largely centred on technical issues such as encryption, access controls and intrusion detection systems.

By 2004, the ninth annual survey indicates that companies are becoming more concerned with the economic, financial and risk management aspects of computer security in addition to the purely technical aspects. This indicates the greater importance that is being placed on security by senior management in organisations.

Overall, the 2004 survey indicates that the frequency of successful attacks against corporate information systems is decreasing - and has been in steady decline since 2001. In fact, only 53 per cent of respondents indicated that they had experienced unauthorised use of their computational systems in the past year, which is the lowest level since 1999. Over the past year, there has been a dramatic drop in reports of system penetration, insider abuse and theft of intellectual property.

Across respondents, there was also a fairly even split between reports of breaches coming from inside and outside of the organisation. This is a substantial change from last year's survey, when 80 per cent of respondents reported insider abuse of networks to be the most common form of attack or abuse and indicates that security implementations are having some level of success in stopping these attacks.

Original article



Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo