If you’ve had some form of computer security incident in the past year,
you’re part of the majority.
According to the FBI’s just released 2005 Computer Crime Survey, 87
percent of respondents reported some form of computer security incident in
the past year.
To add insult to injury, the study found that respondents encountered nearly three different types of security
incidents, each of which occurred multiple times.
Viruses, worms and Trojans topped the list of leading reported security
incidents at nearly 84 percent. Spyware came in second at 79 percent and
port scans came in at 33 percent.
The approximate average dollar cost from
viruses was noted to be nearly $34,000.
By way of comparison, respondents of the
2005 CSI/FBI Computer Crime and Security Survey,
reported an average dollar loss from a security breach was $204,000 in 2004.
The CSI/FBI survey is a different
survey than the FBI Computer Crime Survey with a smaller number of
respondents.
It’s not all doom and gloom though.
According to the new survey results, Web site related security incidents are not nearly as prevalent as
one would think. Eighty-six percent claimed
they had not experienced a website related security incident.
In order to protect themselves against potential risks, users employed a number of security applications, including anti-virus (98
percent), firewall (91 percent, anti-spam (76 percent) and anti-spyware (75
percent).
Password security measures, which traditionally have been the weak link in IT security, were used by less than half of the survey
respondents. Only 47 percent of respondents had required period password
changes and 46 percent had password complexity requirement.
In response to security incidents, 73 percent of those surveyed installed network security
updates and 62 percent added computer security software. Only 9 percent
actually reported their computer security incident to a law enforcement
agency. Only 2 percent contacted a lawyer to seek some from of
legal solution.
“Interestingly, having more security measures did not mean a reduction in
attacks,” the FBI report states. “In fact there was a significantly positive
correlation between the number of security measures employed and the number
of Denial of Service (DoS) attacks.”
The report added: “it is likely that organizations that are
attractive targets of attacks are also most likely to both experience attack
attempts and to employ more aggressive computer security measures.”
The 2005 FBI Computer Crime Survey included responses from 2,006 respondents
to a 23 question survey.
