A survey released by the Computer Security Institute (CSI) and the U.S. Federal Bureau of Investigation (FBI) shows that incidents of unauthorized use of computer systems declined in the last year, continuing a trend that began in 2001, according to a copy of the survey released Thursday.
According to the 2004 Computer Crime and Security Survey, 53 percent of the 494 U.S. computer security practitioners acknowledged the unauthorized use of a computer in their organization in the last 12 months, the smallest percentage recorded since 1999. The survey, which was conducted by CSI with the San Francisco FBI’s Computer Intrusion Squad, also found that denial of service (DoS) attacks were the most costly for organizations and that fewer organizations are reporting computer intrusions to law enforcement.
The survey polls security experts in U.S. corporations, government agencies, universities, financial and medical institutions about a wide range of security issues. This is the ninth year that CSI and the FBI have released the survey.
In addition to a decrease in unauthorized access to computer systems, the number of respondents who said that there was no unauthorized access to a computer in their organization increased in the last year to 35 percent, and only 11 percent of those polled said they did not know if there was any unauthorized use of a machine.
New questions in this year’s survey revealed that 15 percent of respondents reported that wireless networks at their organization had been abused and 10 percent experienced the misuse of public Web applications.
DoS attacks were, by far, the most costly, when measured in dollars, according to the survey. The total losses from DoS attacks in the last 12 months was reported to be US$26 million by those responding to the survey. Theft of proprietary information was the next most costly type of attack, with $11.4 million in total losses reported.
Total losses due to the top 12 kinds of security incidents for the last 12 months were $141.4 million.
The CSI-FBI poll follows another, similar survey by CSO magazine, the results of which were released on Wednesday.
That survey, of 476 chief security officers (CSOs) and senior security executives, found that 15 percent of those responding to the survey said that their employer lost or had critical documents or corporate information copied without authorization in the last year. Almost one quarter of those responding to the CSO survey said they could not be sure whether such losses had occurred at their company.