By John P. Mello Jr. TechNewsWorld Part of the ECT News Network
10/13/05 8:06 AM PT
"If you think about where the pain in the security industry is right now and where the heat is around the media coverage and so forth, it's really focused right now on issues of theft of identity, phishing and pharming, essentially consumer-targeted fraud," said Robert Richardson, editorial director for the Computer Security Institute (CSI) in Philadelphia.
Success is just a matter of knowing the right "secrets." Download the free eBook, "The Edge of Success: 9 Building Blocks to Double Your Sales." You will discover the fastest, most effective ways to grow your business and still have time to live your life.
Computer crimes targeted at businesses are at their lowest level ever, according to a leading expert in the field.
Computer crime, observed Robert Richardson, editorial director for the Computer Security Institute (CSI) in Philadelphia "is as low as it's ever been and has dropped off significantly from last year."
Speaking yesterday at a Webcast on the annual CSI/FBI Computer Crime and Security Survey, Richardson noted that the average loss per cybercrime incident in 2005 was about US$250,000. That compares to $500,000 in 2004 and more than $3 million in 2001 -- the highwater mark for the survey, which has been conducted annually since 1999.
"We've gotten better and better at stopping [attacks] before they cost us a lot of money," Richardson told Webcast listeners.
SOX Socks Crime
Another reason for declining losses due to cybercrime could be increased demands on corporations to comply with rules and regulations like the Sarbanes-Oxley Act.
"The impact of Sarbanes-Oxley and other regulations will continue to grow not only in North America but on a worldwide basis," maintained Bob Tesh, a senior manager with NetIQ, which sponsored the Webcast.
"Compliance and risk management are becoming critical, not just in a few industries that have been regulated, but across many," he added.
Viruses Top Mischief List
According to the survey, total cybercrime losses in 2005 were $130.1 million.
More than 80 percent of those losses, the survey showed, were attributed to three forms of cybermischief: viruses, unauthorized access to computer systems and theft of proprietary information.
"Even though in many ways we've gotten a much better handle on how to handle your every day virus attack, nevertheless, that's still the top most pain point for the respondents to this survey," Richardson said.
Big Jumps
While average losses declined in most crime categories, surveyors found that they jumped alarmingly in two areas. Loss per incident of unauthorized access to information rose nearly sixfold, to $300,000 per incident in 2005 from $51,000 last year. The average loss per incident attributed to theft of proprietary information more than doubled year over year, to $360,000 from $168,000.
"Sixfold and twofold are large jumps," Richardson conceded, "but one thing to point out is that they started from a relatively small base.
"These jumps, while I think they're significant in terms of indicating where growth in the hacker industry, so to speak, is going on, the sixfold part of that information may not be as significant," he contended. "The more important thing to focus on is that those are the categories that are growing."
Tesh added that one reason that those categories may have increased dramatically is that companies have had to pay more attention to those areas due to increased regulation.
Low Hanging Fruit
Although cybercrime against businesses appears to be declining, Richardson postulated that some of that decline may be attributed to information highwaymen focusing their malevolent acumen elsewhere.
"If you think about where the pain in the security industry is right now and where the heat is around the media coverage and so forth, it's really focused right now on issues of theft of identity, phishing and pharming, essentially consumer-targeted fraud," Richardson said.
"The victims of these crimes, primarily, are the end users that have been duped into providing account information that's been used to steal the individual's money from their accounts," he observed. "Those thefts are not coming out of enterprise coffers.
"So, in a sense, the low-hanging fruit for hackers right now really may have shifted outside of the enterprise for the time being -- don't know if it will stay there -- but it may have shifted out more into the consumer arena," he reasoned.
Outsourcing a No-No
Although many companies are looking for ways to outsource almost anything, security isn't one of them, according to the survey. Some 63 percent of respondents said that no part of their security function was outsourced.
Surveyors also discovered that insurance wasn't a popular weapon in the corporate arsenal against cybercrime, with 75 percent of respondents eschewing underwriters.
"There's not a large buildout of cyberinsurance at this point," Richardson noted. "But it does seem that as a tool for managing residual risk, insurance is something that really needs to be in an information security professional's arsenal. So I expect to see that number to be ticking up over the years."
Poll: Public Perceives Net as Threat to Kids October 08, 2005
A growing awareness of the Internet is a major factor shaping parents' perceptions of the dangers lurking for kids in cyberspace. "Parents are learning more," Zone Labs General Manager Laura Yecies said. "Their kids are using it more so they're paying attention to it more."
Related Stories
Eyeing Expansion of PayPal, eBay Buys VeriSign Payment Gateway October 11, 2005
The effort to beef up PayPal is seen as a winner, not only because PayPal is widely seen as being in the best position to become the Web standard for micro-payments or credit-card alternative, but also because the deal helps service eBay's core auction and fixed-price commerce platform.
Check Point Acquires Sourcefire in $225 Million Deal October 07, 2005
To say that the security segment of technology is seeing heightened M&A activity may be an understatement. Basex CEO and chief analyst Jonathan Spira told TechNewsWorld there are two drivers in the current security M&A hustle: government regulations and a revelation of how insecure networks really are.
WLAN Switches Take Off Weight October 04, 2005
Fat access points are simpler to deploy than thin ones. Since the former come with all of the intelligence needed in an end point, users can take them out of their boxes, turn on the power, and have them running in a short period of time. Thin access points have a master/slave design, so more thought has to be put into their configuration.
Related News Alerts
More by John P. Mello Jr.
VMware Fuses Performance With Convenience November 16, 2009
Fusion 3.0, the latest virtualization app from VMware that lets Mac users run Windows alongside OS X, puts an emphasis on performance. VMware built it specifically to leverage the 64-bit capabilities of Snow Leopard with a new 64-bit native engine. Its Migration Assistant for Windows lets Mac switchers recreate their old Windows PC inside a Mac, file by file.
Mouse Meets Multi-Touch November 09, 2009
Apple's latest peripheral, the Magic Mouse, takes the concept of multi-touch that the iPhone and iPod touch popularized and merges it with a button-free mouse. As one's mouse is a direct point of contact between human and machine, any changes made to it can be a divisive issue. Some users love the new abilities Magic Mouse brings to the table; others just can't stand the thing.
Samsung Intrepid: Sleek Hardware Makes Up For Uncomfy OS November 09, 2009
Samsung has built its Intrepid smartphone with a solid set of hardware. Its physical keyboard is comfortable for thumb-typing, and its camera sports a number of advanced features for a phone cam. The Windows Mobile 6.5 OS it's saddled with can be uncomfortable and unintuitive at times, but it may be at least a familiar interface for the business users the Intrepid targets.
Headline Feeds
Talkback: 
