Cybercrime Costs On the Rise in U.S.
Cybercrimes cost some of the top companies in the U.S. a total of at least $377.8 million last year, according to a new survey by the FBI and an association of IT security workers.
The survey, released last week by the San Francisco-based Computer Security Institute (CSI) and a team at the FBI's San Francisco office, found that almost two-thirds of the 538 CSI member companies, government agencies and universities questioned suffered financial losses because of computer security breaches during the past 12 months.
However, total financial losses are likely much higher than reported, said Richard Power, editorial director at the CSI. Although 85% of the security employees who took part in the annual survey detected breaches, only 35% could or would quantify their financial losses.
"I would characterize the results that were
quantified as conservative. This is serious crime," said Power. Most of the organizations surveyed are private sector companies, and they "represent a significant chunk of mainstream American business," Power added.
Losses Mounting
Last year's survey cited $265.5 million in damages -- but it had only 249 respondents.
This year, thefts of information and financial fraud accounted for $244.2 million of the losses reported -- a figure that was almost equal to the total losses listed in those categories for the previous three years combined, according to the CSI and the FBI. Other categories included losses due to viruses, laptop theft, sabotage and system penetration.
"As companies are getting better at quantifying their losses, we're beginning to see what crime is going to look like in the Information Age," said Power. "We're seeing a level of sophistication that goes beyond the stereotypical hacker."
That sophistication and the size of the businesses being targeted may explain the hefty price tag associated with a relatively small number of the breaches. The CSI and the FBI said a group of just 34 respondents reported more than $151 million in losses from thefts of proprietary data, a per-company average of almost $4.5 million. A group of 21 companies reported $92.9 million in losses from financial fraud.
As part of the new survey, 267 firms reported more than $41 million in combined losses resulting from unauthorized employee access to systems or abuse of network access privileges by insiders.
All told, 91% of those surveyed reported some sort of insider abuse of network access during the past year.
Computerworld
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson, Zulfikar Ramzan
Published Apr 6, 2008 by Addison-Wesley Professional. Part of the Symantec Press series.
Enter now! | Official rules | Sample chapter
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
By Peter Thermos, Ari Takanen
Published Aug 1, 2007 by Addison-Wesley Professional.
Enter now! | Official rules | Sample chapter
