Attacks on computer networks using stolen user IDs and passwords can cause up to $10m (£5.27m) damage a time, an analysis of criminal prosecutions has revealed.
The study of attacks on computer networks prosecuted by the US Justice Department between 1999 and 2006 found that most attacks used stolen IDs and passwords.
The financial damage caused to organisations hit by the network criminals averaged more than $1.5m for each occurrence, with losses in the worst cases going up to $10m.
But the attacks could have been prevented in 84% of cases if device identification and authentication had been used in addition to user ID and passwords, the research commissioned by Phoenix Technologies from analyst firm Trusted Strategies found.
In 88% of cases, attackers had logged onto one or more privileged user accounts, using IDs and passwords obtained through password cracking programs, collusion with company insiders and other methods.
The report says, “Network attacks could have been prevented in 84% of all cases if the organisation had implemented protections. In other words, only requiring user IDs and passwords for network access to high-value information assets should no longer be considered adequate network security.”
Vote for your IT greats
Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?
Vote now at: www.computerweekly.com/ITgreats