When Security Helps Stem Business Losses - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

04:02 PM

When Security Helps Stem Business Losses

Losses attributed to security breaches in the United States are trending down. Losses from intellectual-property theft plummeted from $170.8 million in 2001 to $70.2 million in 2002, according to the eighth annual Computer Security Institute's CSI/ FBI Computer Crime and Security Survey. The estimated damage for nearly all security breaches studied, with the exception of denial-of-service attacks, fell precipitously.

Have security experts finally figured out how to block hackers? Costs from IT theft have fallen not because theft of such data necessarily has decreased, says Eric Ogren, a senior analyst at the Yankee Group. Rather, he says, companies are getting better at devising more realistic valuations of their data and have toned down the estimated value of much of their intellectual property.

Another reason for the drop in losses: better sharing of security knowledge, better exchange of best practices, and better tools to combat or investigate security breaches. "The business world has gotten better at security intelligence," Ogren says. "That's one thing that will drive costs down as it's easier to identify the problem and the antidote."

Dollar Losses
Annual cost of computer crime
  2001 2002 2003
Theft of proprietary information $151.2M $170.8M $70.2M
Insider abuse of network access $35.0M $50.1M $11.8M
System penetration by outsider $19.1M $13.1M $2.8M
Sabotage of network data $5.2M $15.1M $5.1M
Denial-of-service attacks $4.3M $18.4M $65.6M
Note: Year reflects when interviewed about preceding year’s incidents.
Data: CSI/FBI 2003 Computer Crime and Security Survey of 530 security professionals

Even the cost increases associated with denial-of-service attacks can be seen as good news since they indicate that companies are becoming increasingly interconnected, and the value of the networks created and the worth of the data flowing through them is increasing, too. The bad news: As the Internet and corporate networks mature, the pain associated with attacks that strike at the availability of these systems will be severe. Employee-productivity losses as Slammerlike worms choke network access will become more acute as companies increasingly rely on telecommuters and as technologies such as voice over IP take root.

Clearly, more work needs to be done, especially in combating denial-of-service attacks. How does your company plan to support remote access to its operations while ensuring that company networks stay secure? Let us know at the address below.

George V. Hulme
Senior Editor
[email protected]

Defensive ActionsDefensive Actions

What security technologies does your company use?

Antivirus software, firewalls, and access controls are the strategies chosen most often. Yet businesses also are looking to intrusion-detection software, file encryption, and digital IDs to provide security. Biometrics also are gaining a foothold at companies surveyed by CSI. Eleven percent surveyed say their organizations have invested in biometrics technologies.

External StrikesExternal Strikes

How many external security incidents has your company experienced?

Nearly a third of surveyed security professionals report not knowing the number of times their company has fallen victim to an external security attack. Robert Richardson, editorial director for CSI, believes this might be an honest assessment of their situation. Security attacks at these companies might have created little damage or cost little money, so respondents aren't actively looking for security problems or monitoring for them.

Internal AttacksInternal Attacks

How many internal security incidents has your company experienced?

Viruses and worms are intended to disrupt and even harm data stores. But these weren't necessarily the biggest information-security threats facing corporate America last year. Insiders who lack proper permissions pose a much bigger risk, respondents said. Companies seeking to protect their proprietary information and their workers' productivity need to do more than be on the lookout for external security threats. Whether deliberate or not, employees at two-thirds of surveyed sites have been linked to security breaches. One-third of those surveyed simply didn't know of internal breaches.

Employee HitsEmployee Hits

Does your company suspect a disgruntled employee of a security attack on your company?

The fact that companies suspect disgruntled employees of security attacks doesn't mean that businesses are hiring bad people or have poor hiring practices. "Companies have to assume that security attacks happen from within their firewalls," says CSI's Richardson. "It can't be stopped. It just has to be kept under control." The good news: The number of security attacks attributed to disgruntled employees remained relatively unchanged over the past three years. This despite salary freezes, layoff threats, and higher workloads for many workers.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
Register for InformationWeek Newsletters
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll