CSIsurvey2008

CSIsurvey2008 - 2008 CSI Computer Crime &...

Info iconThis preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 2008 CSI Computer Crime & Security Survey The latest results from the longest-running project of its kind By Robert Richardson, CSI Director For the 13 th year, CSI has asked its community how they were affected by network and computer crime in the prior year and what steps theyve taken to secure their organizations. Over 500 security professionals responded. Their answers are inside 2008 CSI Computer Crime and Security Survey 1 INTRODUCTION For several years, this surveyperhaps the most widely quoted set of statistics in the industryshowed a steady drop in average estimated losses due to cybercrime. It seemed counterintuitive to some experts, accustomed to seeing the worst of the crime thats out there. Last year the tide turned and respondents reported a significant upswing. Given the changes in the nature and severity of network-borne threats, this seemed only natural. This year the average losses are back down again. And thats puzzling, honestly. There seems little question that several sweeping changes in the overall state of IT practicescoupled with equally broad changes in the habits of the criminal worldare making significant, hard-hitting attacks easier and more lucrative for their perpetrators. What these results suggest, though, is that on most days at most organizations, the attacks are less imaginative than whats currently theoretically possible. Which, for the moment, is good news. 2008 CSI Computer Crime and Security Survey 2 Key Findings This years survey results are based on the responses of 522 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities. This is the 13th year of the survey. The most expensive computer security incidents were those involving financial fraud with an average reported cost of close to $500,000 (for those who experienced financial fraud). The second-most expensive, on average, was dealing with bot computers within the organizations network, reported to cost an average of nearly $350,000 per respondent. The overall average annual loss reported was just under $300,000. Virus incidents occurred most frequently occurring at almost half (49 percent) of the respondents organizations. Insider abuse of networks was second-most frequently occurring, at 44 percent, followed by theft of laptops and other mobile devices (42 percent). Almost one in ten organizations reported theyd had a Domain Name System incident up 2 percent from last year, and noteworthy, given the current focus on vulnerabilities in DNS. Twenty-seven percent of those responding to a question regarding targeted attacks said they had detected at least one such attack, where targeted attack was defined as a malware attack aimed exclusively at the respondents organization or at organizations within a small subset of the general business population....
View Full Document

This note was uploaded on 11/02/2009 for the course SIS 2150 taught by Professor Joshi during the Spring '09 term at Philadelphia.

Page1 / 31

CSIsurvey2008 - 2008 CSI Computer Crime &...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online