News
News
3/4/2003
02:07 PM
Connect Directly
RSS
E-Mail
50%
50%

Businesses Cut Security Losses

Greater use of security hardware and software products helped businesses substantially reduce losses due to security incidents, a new survey says.

Thanks to better security practices, businesses are losing less money. Some 251 organizations lost nearly $202 million last year due to security incidents. That's a lot of money, but its down 56% from the $456 million lost in 2001. Those are the key findings of the eighth annual CSI/FBI Computer Crime and Security Survey released Thursday by the Computer Security Institute and the Federal Bureau of Investigation.

The number of significant security incidents last year was about the same as the year before, says Robert Richardson, editorial director for the institute. The reduction in losses probably came about because businesses are paying more attention to security in the wake of the terrorist attacks of Sept. 11 and security professionals are getting better at spotting and stopping attacks, he says. Plus, stiffer legal penalties against hackers may be scaring would-be hackers into pursuing other things. "If I were a young kid with an interest in hacking, I wouldn't be hacking into the Rand Corporation right now," says Richardson.

But the drop in losses attributed to security problems could be more related to companies "re-examining their real intellectual-property risk and reflecting more realistic losses in those areas" than a reduction in security threats, says Eric Ogren, senior analyst at the Yankee Group.

The survey puts the losses into a dozen categories. Total losses attributed to theft of proprietary information fell from around $171 million in 2001 to $70 million in 2002. Financial fraud dropped from $116 million in 2001 to $10 million in 2002. In fact, most loss categories were down this year, including sabotage of data on networks, telecommunications eavesdropping, outsiders breaking into systems, insider Net access abuse, virus attacks, unauthorized insider access, telecom fraud, and laptop theft.

The only categories to show an increase in losses were active wiretapping and denial-of-service attacks. The cost of denial-of-service attacks surged from $18 million in 2001 to around $66 million in 2002.

The growth of E-commerce and the increasing interconnectedness between businesses could help explain the increase in losses to denial-of-service attacks, Ogren says. "More companies are opening up their networks to a supply chain," he says. "So when a denial of service attack hits, such as those caused by SQL Slammer, the impact can delay the ordering of parts and slow down the supply chain. It certainly shows networks being much more critical year over year."

Some 78% of the companies surveyed said the Internet is the most frequent point of attack; that percentage has steadily increased from 57% in 1999. At the same time, internal system attacks have been trending downward. About 51% of those surveyed cited internal systems as the point of attack in 1999, while only 30% of respondents said the same in 2002.

The survey shows respondents have increased their reliance on every form of security hardware and software. The use of encryption leapt from 58% to 69%; firewall usage is up from 89% to 98%; intrusion-detection systems are up from 60% to 73%; and anti-virus software is nearly universal at 99% usage compared with 90% a year earlier.

Experts agree that increased use of anti-virus software, intrusion-detection systems, digital IDs, firewalls, and encryption are helping companies better defend themselves and mitigating the damage of successful attacks. Says Ogren, "There's definitely more security intelligence available today than just a couple of years ago."

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 17, 2014
It doesn't matter whether your e-commerce D-Day is Black Friday, tax day, or some random Thursday when a post goes viral. Your websites need to be ready.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.