New FBI Computer Crime Survey – 2006

Are you looking for info regarding the cyber attacks that organizations in the U.S. are facing and what defense strategies they’re using against these attacks and the implications for our government and industry?

The 2005 FBI “Computer Crime Survey” is the largest survey on these issues so far. This survey was developed and analyzed with the help of leading public and private experts on “cyber security” and is based on responses from a random sampling of more than 2,000 public and private organizations in four states.

Survey Findings:

The frequency of attacks – almost 9 of 10 organizations experienced computer security incidents in a year’s time. Of these companies /organizations, 20% of them indicated they had experienced 20 or more attacks.

Types of attacks – Viruses (83%+) and spyware (79%+) were on the top of the list the list. More than 1 out of 5 organizations said they experienced port scans and network or data sabotage. (sounds like my workstation)

The Costs – Over 64% of the responding organizations incurred a loss. Viruses and worms cost $12 million of the $32 million in total losses.

Attacking Sources – They came from 36 different countries. The U.S. (26%) and China (24%) accounted for over 1/2 of the intrusion attempts, though masking technology makes it hard to get an accurate reading.

Defense Strategies – Most organizations installed new security updates and software following incidents, but advanced security techniques such as biometrics (4%) and smart cards (7%) weren’t used. On top of that, 44% reported intrusions from within their own organizations, suggesting the need for stronger administrative controls.

Reports – A mere 9% reported incidents to law enforcement. They believed these infractions were not illegal or that law enforcement couldn’t or wouldn’t do anything about it. However, 91% who did report intrusions were satisfied with law enforcement response. Also, 81% said that they would report future attacks to the FBI or some other law enforcement agency. Most weren’t aware of “InfraGard”, a joint “FBI / private sector collaboration” that battles computer crimes and other threats that occur due to information sharing.

It is believed that the survey is a “loud and clear” sign of the urgency for maintaining vigilance against both external and internal cyber assaults / attacks.

Frank Abagnale, security consultant and subject of the movie “Catch Me If You Can,” echoed those comments, saying: “Every company, both large and small, should study this survey and use the data as the basis for making changes. Those who ignore it do so at their peril.”

I think his remarks on the situation about sum things up! More…