CSO magazine has released the results of its 2006 E-Crime Watch survey, which reveals a decline in security events, yet an increase in the financial and operational losses caused by such electronic crime incidents.

The third annual survey of 434 security executives and law enforcement personnel was conducted in cooperation with the US Secret Service, Carnegie Mellon University Software Engineering Institute's CERT Coordination Center and Microsoft Corp.

According to findings, while the average number of security events per respondent continues to decline (34 in the last 12 months vs. 86 in 2005 and 136 in 2004), the impact of these crimes is increasing as reflected by both financial and operational losses. Sixty-three percent of respondents report operational losses as a result of e-crime, with 40 percent reporting financial losses (averaging $740,000 vs. $507,000 in 2005) and 23 percent reporting harm to their organization's reputation.

Survey results also show that while respondents continue to be most concerned with intruders from outside their organization (58 percent of events were reportedly committed by outsiders; 27 percent by insiders), the insider threat is getting worse. Of those organizations experiencing security events, the majority (55 percent) report at least one insider event (up from 39 percent the year prior).

As for the types of e-crime incidents, survey results reveal automated attacks like viruses, worms, and malicious code remain the most common form of e-crime with 72 percent of respondents reporting such incidents. Other common offenses include unauthorized access to or use of information systems or networks (60 percent), spyware (51 percent) and illegal generation of spam email (40 percent). While automated attacks have increased the number of incidents, targeted attacks are also on the rise with theft of proprietary information such as customer records reported by 36 percent, system sabotage by 33 percent and theft of intellectual property by 30 percent.

Preparedness and response:
The 2006 E-Crime Watch survey reveals the most effective e-crime fighting technologies include statefull firewalls (87 percent), electronic access or control systems (86 percent), password complexity (80 percent), network-based anti-virus (74 percent) and encryption (74 percent). The study also shows continued investment in security with respondent organizations spending an average of $20 million on IT security and $19 million on physical security.

Overall, the survey shows organizations have better visibility into what is going on in their enterprises and are better prepared to respond. The majority of respondents (69 percent) say they are more prepared to prevent, detect, respond and recover from cyber security threats to the organization than in the past year. At the same time, more than half (56 percent) are more concerned about those threats than they were a year ago.

Complete results are available at http://www2.csoonline.com/info/release.html?CID=24531

•Date: 7th September 2006• Region: US/World •Type: Article •Topic: ISM
Rate this article or make a comment - click here