, Newsbytes 2002-04-08
Ninety percent of businesses and government agencies suffered hacker attacks within the past year, yet only a third of those businesses reported the intrusions to law enforcement, an FBI survey found.While 80 percent of the respondents acknowledged financial losses due to computer attacks, only 44 percent were willing or able to quantify the damage, according to survey results released Sunday by the FBI.
Seventy-eight percent said employees had abused their Internet access privileges by downloading pornography or pirated software. Eighty-five percent detected computer viruses on their networks.
"There is much more illegal and unauthorized activity going on in cyberspace than corporations admit to their clients, stockholders and business partners or report to law enforcement," said Patrice Rapalus, director of the Computer Security Institute, the San Francisco private sector group that conducted the survey with the FBI's Computer Intrusion Squad. "Incidents are widespread, costly and commonplace."
Companies that reported damages said they lost approximately $455 million from computer crime last year, up nearly $125 million over the previous year. The majority of the losses were attributed to financial fraud and the theft of proprietary information.
Twenty-five percent of those acknowledging attacks reported between two to five incidents. Thirty-nine percent reported 10 or more intrusions.
Thirty-eight percent discovered unauthorized access or misuse on their Web sites within the last 12 months, and 21 percent said they were not sure if there had been any unauthorized access or misuse.
Bruce J. Gebhardt, a former FBI agent who now serves as executive assistant director of the CSI project, said the findings demonstrate the need for greater cooperation between the private sector and law enforcement.
"Now, more than ever, the government and private sector need to work together to share information and be more cognitive of information security so that our nation's critical infrastructures are protected from cyber-terrorists," Gebhardt said.
Many companies have said they would be more willing to disclose information on computer attacks if they were guaranteed their communications could not be disclosed via Freedom of Information Act (FOIA) requests.
The Bush administration has helped to craft legislation in both the U.S. Senate and House of Representatives that would do just that. Both measures are currently awaiting committee action.
The Computer Security Institute is at http://www.gocsi.com .
Reported by Newsbytes.com, http://www.newsbytes.com .