Computer security breaches on the rise, says FBI

Office Solutions, May/Jun 2006

Almost nine out of 10 companies had a computer security incident last year, according to a report from the FBI.

After a survey of over 2,000 companies, the FBI found that 87 percent of those polled admitted there had been some type of security attack. Within that group, 20 percent claimed they had been hit by 20 or more attacks.

The most common breaches were either a virus or spyware penetrating the corporate network. More advanced attacks, including data sabotage and port scans, were less frequent, according to the report.

The attacks came from 36 different countries, with the United States and China marked as the source of more than half the attempts, although masking technologies made it difficult to get an accurate reading.

The average cost per company as a result of the attacks was more than $24.000, with a total cost of $32 million. Viruses and worms accounted for $12 million of those losses.

Other surveys have attempted to pinpoint financial losses from network attacks, but estimates have ranged widely. The FBI believes its cost estimates are more accurate because of the large number of survey respondents.

The FBI said the survey is a clear sign of the urgent need for vigilance against network assaults.

Most of those surveyed said that they had installed new security updates and software following the incidents. But advanced techniques, such as biometrics and smart cards, were used infrequently, according to the report.

As companies are increasingly targeted by attackers, it's likely that enforcement efforts will grow as well to respond to the problem. "There are several investigations and initiatives underway by a number of enforcement agencies," says Chris Sonderby, chief of the U.S. Department of Justice's Computer Hacking and Intellectual Property Unit. "Stealing company resources or trying to break into a company's computers are felonies, and they will be treated as such."