Home News Stories 2005 July The Current State of Computer Network Security - 2005 FBI/CSI Survey
Info
This is archived material from the Federal Bureau of Investigation (FBI) website. It may contain outdated information and links may no longer function.
 

The Current State of Computer Network Security - 2005 FBI/CSI Survey

Calling All Business Professionals
What’s the Current State of Computer Network Security?

07/25/05

2005 FBI/CSI Survey cover

Thanks to the Computer Security Institute (CSI), we have some pretty good answers to that question.

Please read below for highlights from the 2005 CSI/FBI Computer Crime and Security Survey, based on responses from 700 U.S. corporations, government agencies, financial and medical institutions, and universities. This is our 10th annual survey in the information security field and, after reading it, we urge you to report to us any and all computer intrusions your company may experience.

1. Total financial losses from attacks have declined dramatically. Down 61% on a per-respondent basis from last year, but still reportedly $130M. What kinds of attacks? Virus attacks are #1; unauthorized access is #2; theft of proprietary information #3; and denial of service attacks a distant #4.

2. Attacks on computer systems or (detected) misuse of these systems have been slowly but steadily decreasing in all areas. Exception to the rule: a slight increase in the abuse of wireless networks.

3. Defacements of Internet websites have increased dramatically. 95% of organizations experienced more than 10 website incidents in 2004.

4. “Inside jobs” occur about as often as external attacks. The lesson is—anticipate attacks from all quarters.

5. Organizations largely defend their systems through firewalls, anti-virus software, intrusion detection systems, and server-based access control lists. Use of smart cards and other one-time password tokens increased, while use of intrusion prevention systems decreased.

6. More organizations are conducting security audits to serve as a baseline for a meaningful security program. 87% had conducted one.

7. Computer security investments per employee vary widely. State governments lead the pack at $497, followed, in descending order, by utilities, transportation, telecommuications, manufacturing, and high tech down to the federal goverment at $49.

8. Despite continuing discussion, there has been no increased use by organizations of outsourcing cybersecurity or using insurance to manage risks.

All good things to mull as you’re reviewing your own computer network security. But please keep in mind we’ve only given you highlights. To get all the details, we encourage you to read the full report.

Resources: FBI InfraGard program | Reporting Internet Crime

 

07.13.10

07.13.10

 
Accessibility | eRulemaking | Freedom of Information Act | Legal Notices | Legal Policies and Disclaimers | Links | Privacy Policy | USA.gov | White House
FBI.gov is an official site of the U.S. government, U.S. Department of Justice