Hack attacks down on last year, says survey

A survey released by the Computer Security Institute (CSI) and the US Federal Bureau of Investigation showed that incidents of...

A survey released by the Computer Security Institute (CSI) and the FBI showed that incidents of unauthorised use of computer systems had declined in the past year, continuing a trend which began in 2001.

According to the 2004 Computer Crime and Security Survey, just 53% of the 494 US computer security practitioners acknowledged the unauthorised use of a computer in their organisation in the past 12 months, the smallest percentage recorded since 1999.

The survey, which was conducted by CSI with the FBI's Computer Intrusion Squad, also found that denial-of-service attacks were the most costly for organisations and that fewer organisations are reporting computer intrusions to law enforcement.

The survey polls security experts in US corporations, government agencies, universities, financial and medical institutions about a wide range of security issues. This is the ninth year that CSI and the FBI have released the survey.

In addition to a decrease in unauthorised access to computer systems, the number of respondents who said that there was no unauthorised access to a computer in their organisation increased in the past year to 35%, and only 11% of those polled said they did not know if there was any unauthorised use of a machine.

In this year's survey, it revealed that 15% of respondents reported that wireless networks at their organisation had been abused and 10% experienced the misuse of public web applications.

DoS attacks were, by far, the most costly. The total losses from DoS attacks in the past 12 months was reported to be $26m by those responding to the survey. Theft of proprietary information was the next most costly type of attack, with $11.4m in total losses reported.

Total losses as a result of the top 12 kinds of security incidents for the past 12 months were $141.4m.

The CSI-FBI poll follows a similar survey by CSO magazine.

That survey, of 476 chief security officers and senior security executives, found that 15% of those respondants said that their employer lost or had critical documents or corporate information copied without authorisation in the last year.

Almost a quarter of those responding to the CSO survey said they could not be sure whether such losses had occurred at their company.

Paul Roberts writes for IDG News Service

Read more on IT risk management