The amount of money that U.S. businesses and other organizations lose to digital attacks has dropped more than 50 percent since 2002, according to the latest survey from the Computer Security Institute and the FBI. And, the percentage of organizations that detected unauthorized use of their systems fell to 56 percent from 60 percent a year earlier.
The 2003 survey also shows that companies are still failing to report most of their intrusions and attacks to law enforcement. Only 30 percent of the surveys respondents said they had contacted the authorities after an attack, a drop from 34 percent a year ago. Negative publicity and fear that competitors would use the information to their advantage were the top two reasons organizations cited for failing to talk to law enforcement after an attack.
Among the most frequently seen attacks, viruses, laptop misuse and unauthorized access by insiders continued to lead the way, according to the survey. Fully 82 percent of all respondents reported being hit by a virus, which is down somewhat from 85 percent in 2002. But the most surprising result of the survey is clearly the dramatic drop in the estimated financial costs of the reported attacks.
The 530 organizations surveyed reported $201.8 million in losses this year; in 2002, 503 respondents lost $455.8 million.
The CSI/FBI Computer Crime and Security Survey is conducted annually and surveys security professionals at a variety of U.S. corporations, government agencies, universities and other organizations. This is the eighth year the survey has been conducted.
One of the most often cited statistics from the survey is the number of attacks that come from inside an organization versus the number that originate outside the network. Security vendors frequently use these numbers to support whatever claim theyre making about the need for the product.
In 2003, the trend toward more of the attacks coming from outside the network continued, with 78 percent of respondents saying the Internet is their most frequent point of attack. Only 30 percent cited internal systems as the top attack vector, down from 33 percent last year.
Another interesting finding of the survey is the sharp decrease in the number of organizations reporting unauthorized access or misuse of their Web sites. The number fell to 25 percent from 38 percent in 2002. And of the respondents that saw Web incidents, 69 percent reported five or fewer such incidents.
Most of the Web-related incidents were simple vandalisms (36 percent) and denial-of-service attacks (35 percent).
Latest Security News: