Attacks on computer networks using stolen user IDs and
passwords can cause up to $10m (£5.27m) damage a time, an analysis
of criminal prosecutions has revealed.
The study of attacks on computer networks prosecuted by the US
Justice Department between 1999 and 2006 found that most attacks
used stolen IDs and passwords.
The financial damage caused to organisations hit by the network
criminals averaged more than $1.5m for each occurrence, with losses
in the worst cases going up to $10m.
But the attacks could have been prevented in 84% of cases if
device identification and authentication had been used in addition
to user ID and passwords, the research commissioned by Phoenix
Technologies from analyst firm Trusted Strategies found.
In 88% of cases, attackers had logged onto one or more
privileged user accounts, using IDs and passwords obtained through
password cracking programs, collusion with company insiders and
other methods.
The report says, “Network attacks could have been prevented in
84% of all cases if the organisation had implemented protections.
In other words, only requiring user IDs and passwords for network
access to high-value information assets should no longer be
considered adequate network security.”
Vote for your IT greats
Who have been the most influential people in IT in the past 40
years? The greatest organisations? The best hardware and software
technologies? As part of Computer Weekly’s 40th anniversary
celebrations, we are asking our readers who and what has really
made a difference?
Vote now at:
www.computerweekly.com/ITgreats