Companies losing more to Internet crime

Businesses using the Internet are losing more to online vandals and cybercriminals even though they're using more security technology, according to a new survey.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
2 min read
Businesses using the Internet are losing more to online vandals and cybercriminals even though they're using more security technology, concluded a survey released Monday.

The 2001 Computer Crime and Security Survey found that various cybercrimes accounted for $378 million in losses among the 186 companies that were able to quantify their damages in 2001. The damage figures take into account the losses in the previous year. That average of $2 million per company doubled the shortfall of the 249 businesses that responded in 2000.

"Big corporations are spread out all over the globe, and they are doing more business over the Internet," said Richard Power, editorial director of the Computer Security Institute, which published the survey. "It is not just e-commerce that's in danger but all the e-business going between companies."

The lion's share of the loss was to trade-secret thieves, financial fraudsters and the cost of cleanup after computer viruses. Theft of proprietary information alone cost the 186 companies $151 million in 2000.

While fewer than 200 companies could quantify their losses, 538 companies, government agencies and academic institutions answered the survey this year.

Stolen trade secrets may have accounted for almost half of the dollar losses, but the full survey found that computer viruses were the most common type of damaging attack. About 94 percent of organizations were damaged by computer viruses, 73 percent lost money to laptop theft, and 57 percent got knocked by insider Net abuse.

"Your e-commerce security can be really good, but if people's internal networks are insecure, it doesn't matter how good their other security is," said Power, who also authored "Tangled Web," a book that chronicles the current state of computer security.

Though attacks by online vandals didn't account for major dollar losses, the Internet has become a major source of attacks for most organizations, according to the survey. Organizations that found themselves the victim of attacks via the Internet increased from 38 percent in the 1996 survey to 70 percent in 2001. In the same period, the number of companies experiencing insider attacks fell, from 54 percent in 1996 to 31 percent in the 2001 survey.

Security services company Pilot Network Services had similar findings in its monthly Cyber Barometer report released Monday.

The Alameda, Calif.-based company saw more than 95 million probes of its clients' 70,000 networks in a single month, a 30 percent increase from the previous month.

Of those, potential attacks against Domain Name Services grew fivefold in the wake of a successful attack against Microsoft and the public acknowledgement of a widespread issue in the Berkeley Internet Name Domain software, a popular DNS package.

"E-business is at greater risk than ever to attackers, including anyone from 'script kiddies' to organized crime," said Keith Lowry, vice president of security operations at Pilot.

Both reports follow a posting from last week by the National Infrastructure Protection Center warning businesses of hacking and extortion attempts by organized crime figures in Russia.