SAN MATEO (03/27/2000) - A new report shows that the cost of computer crime in the United States is rising dramatically, but even more alarming may be the increasing number of IT managers who aren't even sure if they have been a victim.
Last year, cyber attacks cost U.S. companies $266 million, according to a joint study by the Computer Security Institute (CSI) in San Francisco and the FBI Computer Intrusion Squad, in Washington. That's more than double the average annual losses for the previous three years, the report said.
Although 90 percent of survey respondents claimed to have uncovered various forms of security breaches in 1999, it is the large number of respondents who could not offer any type of answer that concerns CSI spokesman, Richard Power.
"Most companies couldn't give an educated guess whether or not they've been attacked. Many people simply don't know," Power said. He noted that in some cases, companies are employing just one security person to oversee 1,000 users.
Power added that despite receiving sporadic media attention, the threat of internal computer attacks made upon a company occurs just as often as external breaches.
In the report, 70 percent of CSI's 273 member organizations said they suffered serious attacks, including the theft of proprietary information, financial fraud, system penetration from outsiders, denial-of-service attacks and sabotage of data or networks. Financial losses in eight of 12 categories were larger than in any previous year.
The $266 million in verifiable losses claimed by respondents was more than twice the average annual total of $120 million reported from 1996 to 1998, the report concluded.
The sharp incline reflects poor security planning at critical development stages, said Chris Christiansen, an analyst at International Data Corp., in Framingham, Mass.
"I think last year was very evident that security was a reactive Band-Aid remedy for a core infrastructure problem," Christiansen said. "It's not a matter of how much money they lost, it is how much more money they would've made."