Is there a security problem in computing?

Computer Crime

• Ninety percent of respondents (primarily large corporations and government agencies) detected computer security breaches within the last twelve months. (2002 CSI/FBI Computer Crime and Security Survey - http://www.gocsi.com/press/20020407.html)
• Eighty percent acknowledged financial losses due to computer breaches.(2002 CSI/FBI Computer Crime and Security Survey)
• Forty-four percent (223 respondents) were willing and/or able to quantify their financial losses. These 223 respondents reported $455,848,000 in financial losses. (2002 CSI/FBI Computer Crime and Security Survey)
• As in previous years, the most serious financial losses occurred through theft of proprietary information (26 respondents reported $170,827,000) and financial fraud (25 respondents reported $115,753,000). (2002 CSI/FBI Computer Crime and Security Survey)
• For the fifth year in a row, more respondents (74%) cited their Internet connection as a frequent point of attack than cited their internal systems as a frequent point of attack (33%). (2002 CSI/FBI Computer Crime and Security Survey)
• Thirty-four percent reported the intrusions to law enforcement. (In 1996, only 16% acknowledged reporting intrusions to law enforcement.) (2002 CSI/FBI Computer Crime and Security Survey)
• computer fraud in the U.S. alone exceeds $3 billion each year
• computer fraud in the U.K. exceeds 2.5 £ billion each year
• less than 1% of all computer fraud cases are detected
• over 90% of all computer crime goes unreported
• "Although no one is sure how much is lost to EFT crime annually, the concensus is that the losses run in the billions of dollars. Yet few in the financial community are paying any heed."
• average computer bank theft amounts to $1.5 million
• Over 25% of all Fortune 500 corporations have been victimized by computer crime with an average loss of $2-10 million
• total estimated losses due to computer crime range from $300 million to $500 billion per year
• "Computer-related crime has been escalating at a dramatic rate"
• "Computer crimes continue to grow and plague companies"
• "Computer crime is almost inevitable in any organization unless adequate protections are put in place."

  ---

• FAA Hacked - contributed by Black Adder (Apr 26, 2002 3:27 pm EST)
  "Earlier this week an FAA system was penetrated by hackers who were able to download unpublished information on airport passenger screening activities, federal officials confirmed Thursday."
  SECURITY NEWS NETWORK - http://www.l0pht.com/security_news/
• MSNBC DoSed - contributed by Paul Kvanvig (Apr 25, 2002 5:28 pm EST)
  "There has been a decrease in successful Denial of Service attacks against major Internet sites since the widely publicized attacks against Yahoo, Amazon, and Microsoft in 2000 and 2001. However, this morning MSNBC was unavailable due to a SYN flood attack."
  SECURITY NEWS NETWORK - http://www.l0pht.com/security_news/
• Ten New IIS Vulnerabilities Patched - contributed by Black Adder (Apr 15, 2002 6:23 pm EST)
  "Ten different vulnerabilities within different versions of Microsoft's Internet Information Server were addressed Thursday by three patches from Microsoft. The most serious vulnerability would allow a malicious attacker to gain unauthorized access to a system running the IIS server."
  SECURITY NEWS NETWORK - http://www.l0pht.com/security_news/
• FBI Survey Uncovers Tight Lips - contributed by Stephen Scharf (Apr 9, 2002 11:03 am EST) "A survey recently released by the FBI claims that 90% of respondents have be the victim of malicious activity, while only 34% reported such activity to legal authorities. Given the bad press that often follows an electronic break-in, most organizations prefer to deal with these issues internally, rather than open themselves up to a potential public relations nightmare. Because of this common practice, it is nearly impossible to accurately calculate how many companies become victimized each year."
  SECURITY NEWS NETWORK - http://www.l0pht.com/security_news/

Computer Viruses

• Five years ago, the chance you'd receive a virus over a 12-month period was about 1 in 1000; today, your chances have dropped to about 1 in 10. - CNN.com
• A survey of over 500 companies and government agencies in the U.S. and Canada shows that 85% found at least one virus on their PCs last year.(2002 CSI/FBI Computer Crime and Security Survey)
• The "I Love You" virus has reportedly crippled government computers and infected tens of millions of computers. - ABC News Site
• The "Love Bug" virus destroyed graphics and files, downed operating programs and stole passwords from an estimated 65% of US companies - JSOnline
• 'More than 62,000 virus threats exist today' - McAfee Site - August 2002
• Creator of Melissa Computer Virus Sentenced to 20 Months in Federal Prison

Natural Disasters

• millions of dollars of damage resulted from the 1989 San Francisco earthquake
• The fire at Subang International Airport knocked out the computers controlling the flight display system. A post office near the DCA computer room was also affected by the soot which decommissioned the post office counter terminals. According to Ibrahim, the computers were not burnt but crashed because soot entered the hard disks.

Negligence

• over 85% of the destruction of valuable computer data involves inadvertant acts

Please mail any comments about this page to summers_wayne@ColumbusState.edu