The 2005 FBI Computer Crime Survey is one of the largest by the agency on the topic of cyber-crime and found widespread evidence of criminal online behavior targeting organizations in the United States.
While organizations are becoming more vigilant about computer security risks, only 90 percent of organizations that experienced attacks reported them to law enforcement, according to an FBI statement.
Attacks by computer viruses and worms continued to be the most common kinds of attacks reported by the organizations surveyed by the FBI.
Viruses were detected by 83 percent of those responding to the survey; 79 percent of those responding said they had encountered spyware during the year, while 20 percent said their networks had been scanned or had data sabotaged.
Total losses for the companies surveyed were estimated at $32 million, with virus and worm attacks accounting for $12 million of that, according to the FBI.
The survey, which was released on Jan. 11, is different from the annual survey conducted by the FBI and CSI (Computer Security Institute), which came out in July. The CSI/FBI survey of 700 U.S. corporations, government agencies, and financial and medical institutions found that attacks on computer networks and losses from computer attacks were both down in 2005.
The new survey is designed to represent a broader spectrum of companies than those in the CSI survey, with more than 2,000 private and public organizations surveyed in four states, the FBI said.
The latest survey presents a less optimistic picture. More than 64 percent of respondents incurred a financial loss in 2005 and 44 percent said they were attacked from within their own organization, the FBI said.
The results of the latest survey rang true with Chad Lorenc, an information security officer with Ent Credit Union in Colorado Springs, Colo.
IT security staff at Ent were able to keep the credit unions network free of worm and virus infections, but have noticed an increase in phishing attacks in the last year, he said.
Only one phishing attack targeted Ents customers, with most looking for customers of common online providers like eBay Inc. However, the phishing attacks and the wider use of Trojan horse programs affect Ents customers more than they affect the bank itself, he said.
Echoing the findings of the survey, Lorenc said Ent has ramped up internal security in the last two years to make it less susceptible to disruption from cyber-attacks.
"Weve gotten very proactive about patching in the last two years …We really stepped up patching and brought in a managed services company to help us do defense in depth," he said.
Ent uses firewalls and intrusion detection systems, monitors key servers and pays for a fraud monitoring service to spot suspicious activity affecting its customers accounts, he said.