|
|||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||
Text: Corporate Losses to Cybercrime Increasing, Survey Shows
Following is the text of the Computer Security Institute press release: April 7, 2002 CYBER CRIME BLEEDS U.S. CORPORATIONS, SURVEY SHOWS; SAN FRANCISCO - The Computer Security Institute (CSI) announced today the
results of its seventh annual "Computer Crime and Security Survey." Based on responses from 503 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities, the findings of the "2002 Computer Crime and Security Survey" confirm that the threat from computer crime and other information security breaches continues unabated and that the financial toll is mounting. Highlights of the "2002 Computer Crime and Security Survey" include: --Ninety percent of respondents (primarily large corporations and government
agencies) detected computer security breaches within the last twelve months. Respondents detected a wide range of attacks and abuses. Here are some examples of attacks and abuses on the rise: --Forty percent detected system penetration from the outside. For the fourth year, we asked some questions about electronic commerce over the Internet. Here are some of the results: --Ninety-eight percent of respondents have WWW sites. Patrice Rapalus, CSI Director, remarks that the "Computer Crime and Security Survey," has served as a reality check for industry and government: "Over its seven-year life span, the survey has told a compelling story. It has underscored some of the verities of the information security profession, for example that technology alone cannot thwart cyber attacks and that there is a need for greater cooperation between the private sector and the government. It has also challenged some of the profession's 'conventional wisdom,' for example that the 'threat from inside the organization is far greater than the threat from outside the organization' and that 'most hack attacks are perpetrated by juveniles on joy-rides in cyberspace.' Over the seven-year life span of the survey, a sense of the 'facts on the ground' has emerged. There is much more illegal and unauthorized activity going on in cyberspace than corporations admit to their clients, stockholders and business partners or report to law enforcement. Incidents are widespread, costly and commonplace. Post-9/11, there seems to be a greater appreciation for how much information security means not only to each individual enterprise but also to the economy itself and to society as a whole. Hopefully, this greater appreciation will translate into increased staffing levels, more investment in training and enhanced organizational clout for those responsible for information security." Executive Assistant Director (EAD) Bruce J. Gebhardt, former Special Agent
in-Charge FBI San Francisco, stresses the need for the cooperation between the
government and the private sector that the annual survey reflects. CSI, established in 1974, is a San Francisco-based association of information security professionals. It has thousands of members worldwide and provides a wide variety of information and education programs to assist practitioners in protecting the information assets of corporations and governmental organizations. The FBI, in response to an expanding number of instances in which criminals have targeted major components of information and economic infrastructure systems, has established the National Infrastructure Protection Center (NIPC) located at FBI headquarters and the Regional Computer Intrusion Squads located in selected offices throughout the United States. The NIPC, a joint partnership among federal agencies and private industry, is designed to serve as the government's lead mechanism for preventing and responding to cyber attacks on the nation's infrastructures. (These infrastructures include telecommunications, energy, transportation, banking and finance, emergency services and government operations). The mission of Regional Computer Intrusion Squads is to investigate violations of Computer Fraud and Abuse Act (Title 8, Section 1030), including intrusions to public switched networks, major computer network intrusions, privacy violations, industrial espionage, pirated computer software and other crimes. |