The Computer Security Institute (CSI) recently released the findings of its seventh annual Computer Crime and Security Survey, conducted in conjunction with the Federal Bureau of Investigation's (FBI's) San Francisco-based Computer Intrusion Squad. According to the survey, computer crimes and their related costs continue to increase.
Survey results are based on responses from 503 security practitioners who work in the business, government, finance, medical, and higher-education sectors. The survey reports that 90 percent of the respondents detected security breaches in the past 12 months and 80 percent suffered measurable financial losses. Of the organizations that suffered losses, 223 respondents quantified their losses, which totaled $455,848,000. Respondents attributed most losses to theft of proprietary information and financial fraud. Three-quarters of respondents said that their Internet connections were the most frequent points of attack.
The types of intrusions varied. Forty percent detected penetration attempts from the outside. Fifty-two percent of the respondents conduct e-commerce. Twelve percent of respondents reported the theft of transaction information. Seventy percent reported vandalism. Not surprisingly, 85 percent detected computer viruses.
Notably, only 34 percent of the respondents reported intrusions to law-enforcement officials. Although that percent has risen from 16 percent in 1996, most companies still don't reveal the true extent of security threats to their investors, customers, business partners—or to law-enforcement officials. The FBI urged organizations to share such information. CSI Executive Assistant Director Bruce J. Gebhardt, formerly with the FBI, said, "The United States' increasing dependency on information technology to manage and operate our nation's critical infrastructures provides a prime target to would be cyber-terrorists. Now, more than ever, the government and private sector need to work together to share information and be more cognitive of information security so that our nation's critical infrastructures are protected from cyber-terrorists."
You can read selected highlights and obtain CSI's new report through the CSI Web site. To request a copy of the full report in PDF format, you complete a simple Web-based form.
The CSI Web site offers another helpful security resource: the CSI Firewall Product Search Center. This firewall guide presents vendor-maintained information about 31 popular firewalls. The guide lets you compare firewall features and prices. For example, you can select any number of firewalls from the list of products and display a side-by-side feature comparison. The comparison includes details about features such as local and remote administration interfaces, user authentication subsystems, support costs, product updates, and whether a product is proprietary or sits on top of an OS. If you're shopping for a firewall, you'll find this guide invaluable. Be sure to take a look.