RealTime IT News

FBI: PC Crime is Common, Costly

If you've had some form of computer security incident in the past year, you're part of the majority.

According to the FBI's just released 2005 Computer Crime Survey, 87 percent of respondents reported some form of computer security incident in the past year.

To add insult to injury, the study found that respondents encountered nearly three different types of security incidents, each of which occurred multiple times.

Viruses, worms and Trojans topped the list of leading reported security incidents at nearly 84 percent. Spyware came in second at 79 percent and port scans came in at 33 percent.

The approximate average dollar cost from viruses was noted to be nearly $34,000.

By way of comparison, respondents of the 2005 CSI/FBI Computer Crime and Security Survey, reported an average dollar loss from a security breach was $204,000 in 2004.

The CSI/FBI survey is a different survey than the FBI Computer Crime Survey with a smaller number of respondents.

It's not all doom and gloom though.

According to the new survey results, Web site related security incidents are not nearly as prevalent as one would think. Eighty-six percent claimed they had not experienced a website related security incident.

In order to protect themselves against potential risks, users employed a number of security applications, including anti-virus (98 percent), firewall (91 percent, anti-spam (76 percent) and anti-spyware (75 percent).

Password security measures, which traditionally have been the weak link in IT security, were used by less than half of the survey respondents. Only 47 percent of respondents had required period password changes and 46 percent had password complexity requirement.

In response to security incidents, 73 percent of those surveyed installed network security updates and 62 percent added computer security software. Only 9 percent actually reported their computer security incident to a law enforcement agency. Only 2 percent contacted a lawyer to seek some from of legal solution.

"Interestingly, having more security measures did not mean a reduction in attacks," the FBI report states. "In fact there was a significantly positive correlation between the number of security measures employed and the number of Denial of Service (DoS) attacks."

The report added: "it is likely that organizations that are attractive targets of attacks are also most likely to both experience attack attempts and to employ more aggressive computer security measures."

The 2005 FBI Computer Crime Survey included responses from 2,006 respondents to a 23 question survey.