E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


SURVEY: COSTS OF COMPUTER SECURITY BREACHES SOAR

Source: CNN.com

Posted on March 13, 2001

      The reported cost of computer security breaches at U.S. businesses and government organizations is rising dramatically as their frequency increases, a new survey released Monday suggests.

      "This is a problem that not enough people really are clued into," said Richard Power, editorial director with the Computer Security Institute, based in San Francisco, California.

      The Computer Security Institute and the FBI questioned security experts from a variety corporations, government agencies, financial institutions and universities for its 2001 survey.

      Of 538 respondents, 85 percent detected security breaches over the previous year, and 64 percent experienced financial losses as a result.

      And of the 186 respondents willing to detail how much they lost, the deficits totaled nearly $378 million. In 2000, 249 respondents said they lost about $265 million.

Internet a key entry point

Seventy percent of those surveyed cited the Internet as a frequent point of attack, compared to 59 percent in 2000.

      "The threat from the outside or corporations outside of government agencies, is increasing very dramatically each year," Power said.

      Also increasing was the number who reported their problems to law enforcement -- 36 percent in the current survey compared to 25 percent in 2000 and just 16 percent in 1996.

      "I think part of that is the taboo is being broken. To some extent it's no longer the kiss of death to admit to a security breach," Power said.

      The biggest losses stemmed from theft of propriety information and financial fraud, the survey said.

Tied to e-commerce boom?

Stephen Northcutt is director of the Global Incident Analysis Center (GIAC), part of the SANS Institute for system and network administrators and security professionals. It helps gather information from the security community and warn of possible threats.

      Northcutt suggested the increase in breaches is a natural outgrowth of the e-commerce boom.

      "I think there is just more Internet-related e-commerce than people realize, and that gives you more targets of opportunity than you can believe," he said.

      Northcutt said there's only so much law enforcement can do to address the problem.

      "There is really no way the government can help us. Obviously there are things the government can do, but a government can't save us like a lifeguard in a swimming pool, which means it's up to us to learn to swim," he said.

Problem could be worse

      Power noted that the overall numbers might actually be a best-case scenario, in that some might not even recognize the extent of a problem.

      "Many organizations, many corporations out there wouldn't even have someone who could intelligently answer these questions, and that's a significant problem," he said.

      Mark Zajicek of the CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute, which specializes in Internet security, said tips for breaking into computer systems are becoming more readily available online.

      At the same time, businesses and organizations often aren't adequately prepared to protect themselves.

      "They may not necessarily have trained, experienced staff who know how to maintain all these hundreds of thousands of systems in a secure manner," he said.

      The survey factored in a variety of breaches, including penetration from the outside, employee abuse of Internet access and computer viruses.

Not stereotypical hackers

Among the most highly publicized breaches recently was the incident at Microsoft, where an attacker gained access to the source code for a future product, and the destructive "I Love You" virus.

      Power, author of the book "Tangled Web: Tales of Digital Crime," said there's some misconception of who's committing the security breaches, and their level of seriousness.

      "The stereotypical hacker is a juvenile with a blue mohawk and skateboard and is a genius. ... They are not where these numbers come from," he said. "These numbers come from professionals."




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.