Computer Crime Research Center


FBI/CSI 2004 cybercrime report

Date: August 30, 2004
Source: TechRepublic
By: John McCormick

For the past nine years the FBI and the Computer Security Institute have compiled cybercrime statistics. These statistics provide a good benchmark to compare the year-to-year changes in the kind of threats administrators need to focus on. To get the 2004 report, you have to go to the CSI Web site and enter some registration information in order to receive the document as a PDF download.

The 2004 report concludes that both “the unauthorized use of computer systems” and the “annual financial loss resulting from security breaches” have declined, with a shift in the biggest problems being toward denial of service attacks. If true, that should come as a bit of a relief to many harried administrators.

The 486 reporting administrators come from a good mix of employee sizes in private sector and government agencies, with most of the respondents in the private sector. Thus, the information in this report should be useful for most IT departments.

There are also useful reports on the amount of money spent on security by various organizations. Many administrators and IT manager might want to use those numbers to help gauge the reasonableness of security-focused budget requests.

In my opinion, some of the most significant findings in the report include:

* Viruses and insider abuse of Web access are the biggest threats cited in the report.
* One very bright spot in the report was that, among the responding organizations, 99 percent had antivirus software and 98 percent had firewalls.
* Other numbers indicate that data encryption isn’t used nearly as often as would be expected, which isn’t comforting.
* Another worrisome trend I gleaned from the reports was that, by far, medical-related companies spend the least on security. That may change when the recent laws and regulations regarding privacy of medical records are more fully implemented.
* Most companies don’t have cybersecurity insurance, something I suspect will change in the future.
* Per-employee security costs are highest for small businesses and smallest for very large companies. Although that is predictable, it is still important to realize.

Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2005-01-16 13:43:20 - tech rentao
Total 1 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo