Each year the FBI (

 San
 Francisco Federal Bureau
 of Investigation's Computer Intrusion Squad

   ) http://www.fbi.gov/

   teams up with CSI (Computer Security Institute) http://www.gocsi.com/

   to produce an annual report on how much damage is being sustained from
   various computer security problems (not all threats are necessarily found
   in a single report, because of the manner in how the data is collected). 

   The 2006 report just came out.  It is free to download from the CSI web
   site, http://www.gocsi.com/

   but you gotta register with CSI to get a copy, and CSI has had at a very
   small security breach, with people who registered for a prior year
   report.  They sent out a form for a conference to their registered
   members, already filled out with registration details to make it easy for
   us to confirm, but they scrambled the mailing list, so that people
   generally got the details on other CSI customers.  I consider that a very
   trivial breach compared to what other organizations have sustained.

   The information in the survey may not be reproduced without permission
   from CSI, but some news media are sharing highlights, whose info I am
   passing on here, however some of the news stories seem contradictory, with
   respect to how they are interpreting the data.  ie. in this post I am
   taking info from what the news reports are saying, not directly from my
   copy of the report.

   The 30 page PDF report is downloaded from
   
http://www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml;jsessionid=MMNC3WAXXTVUMQSNDLPSKH0CJUNN2JVN

   I suggest that other list readers also get a copy of this, since it has a
   lot of key information not yet in the news reports.   In my opinion there
   are some  positive findings in the report with respect to trends, and
   while the number of companies surveyed might seem small, some of them are
   extremely large companies.  Also the report has good graphs to help us
   grasp implications.

   Findings include:
   * 616 companies participated in the latest survey.
   * 1/2 of them gave details on financial costs of losses, where the average
   loss was $ 167,713 (last year it was $203,606)
   * 3/4 of the financial losses are due to: virus attacks, unauthorized
   network access, laptop and mobile hardware theft, proprietary information
   / intellectual property theft.
   * Breaches are not as lucrative for crooks as in past years, with respect
   to how much they are getting directly from the companies breached
   * More than 80% of the surveyed companies now conduct security audits
   (meaning 1/5 are not doing so)
   * Companies resist reporting being victims of computer crimes ... many
   breaches still being swept under the rug
   * Government mandates and compliance issues are a hot topic.
   * Security outsourcing is not as prevalent in USA. as previously thought,
   although I consider the report figures to be significant
   * IT groups want to educate and train internally to mitigate risks.

   Several of the news media articles on this FBI CSI report:
   
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1199280,00.html

   
http://www.securitypronews.com/news/securitynews/spn-45-20060714CSIFBIReportonVirusAttacksandFinancialLosses.html

   
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/07-13-2006/0004396284&EDATE
   =

   http://www.crime-research.org/news/14.07.2006/2120/

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.