The new 2005 FBI Computer Crime Survey is the largest survey on these issues to date. The survey developed and analyzed with the help of leading public and private authorities on cyber security and is based on responses from a cross-section of more than 2,000 public and private organizations in four states.

Key findings of the survey are as follows:

1.  Total financial losses from attacks have declined dramatically. Down 61% on a per-respondent basis from last year, but still reportedly 0M.

2.  Attacks on computer systems or (detected) misuse of these systems have been slowly but steadily decreasing in all areas. Exception to the rule: a slight increase in the abuse of wireless networks.

3.  Defacements of Internet websites have increased dramatically. 95% of organizations experienced more than 10 website incidents in 2004.

4.  "Inside jobs" occur about as often as external attacks. The lesson is to anticipate attacks from all quarters.

5.  Organizations largely defend their systems through firewalls, anti-virus software, intrusion detection systems, and server-based access control lists. Use of smart cards and other one-time password tokens increased, while use of intrusion prevention systems decreased.

6.  More organizations are conducting security audits to serve as a baseline for a meaningful security program. 87% had conducted one.

7.  Computer security investments per employee vary widely. State governments lead the pack at 7, followed, in descending order, by utilities, transportation, telecommunications, manufacturing, and high tech down to the federal government at .

8.  Despite continuing discussion, there has been no increased use by organizations of outsourcing cybersecurity or using insurance to manage risks.

9.  Nearly nine out of 10 organizations experienced computer security incidents in a year's time; 20% of them indicated they had experienced 20 or more attacks.

10. Viruses (83.7%) and spyware (79.5%) headed the list. More than one in five organizations said they experienced port scans and network or data sabotage.  Virus attacks are #1; unauthorized access is #2; theft of proprietary information #3; and denial of service attacks a distant #4.

11. Over 64% of the respondents incurred a loss. Viruses and worms cost the most, accounting for million of the million in total losses.

12. Sources of the attacks came from 36 different countries. The U.S. (26.1%) and China (23.9%) were the source of over half of the intrusion attempts, though masking technologies make it difficult to get an accurate reading.

The Computer Crime and Security Survey is conducted by the Computer Security Institute (CSI) with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad.

The full report can be viewed at: http://www.usdoj.gov/criminal/cybercrime/FBI2005.pdf.

FBI.gov is the official site of the U.S. Federal Government, U.S. Department of Justice.

Resources: Computer Security Institute / FBI InfraGard program / Reporting Internet Crime / San Francisco FBI Computer Crimes.

*****

Announcement: Attend the Powertips 2006 "Security Secrets and Strategies" conference on March 16, 2006 at the Grand Ballroom of Dusit Hotel Nikko. Tickets are available at all SM TicketNet outlets or call 911-5555. You can also register online at www.infochat.com.ph

For your comments, questions and suggestions, send your email to techtvhost@yahoo.com