{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}



Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
© 2009 CCH. All Rights Reserved. Chapter 16 177 Chapter 16 Cybercrime Loss Valuations CHAPTER SUMMARY Overview There are several important reasons to quantify the loss from a cybercrime. One reason is to report the crime to law enforcement. Another reason for loss determination is for insurance purposes. Also, the victim may want a loss determination for internal purposes and at the same time, the victim may not want to report the crime to law enforcement or to fi le an insurance claim. Each case raises different issues the forensic investigator needs to consider in developing loss estimates. Attacks on Tangibles and Intangibles ¶16,001 Extent of the Problem The Computer Crime and Security Survey prepared by the Australian Computer Emergency Response Team (AusCERT) reports on losses and abuse sustained by respondents to its annual survey ( http:// www.auscert.org.au/ render.html?it—2001 ). The respondents represent a wide range of industry sectors including education, mining, and fi nancial organizations. The 2004 survey found: On average the losses were estimated at $98,685 for the sample. Infections from viruses, worms, and trojans were the most common form of attack and responsible for most of the losses. The highest reported loss in 2004 from these attacks for one respondent was $2,000,000. Most companies recovered from such attacks after seven days. Heavy scanning of the network and consequential degrading of services was also a factor for 41 percent of the respondents. 76 percent of the respondents were aware of at least one to fi ve attacks during the 2004 period. As would be expected, the source point for these attacks is the company’s point of Internet access. An increasing percent of the attacks in 2004 were believed to be conducted to use system resources for launching further attacks with anonymity. The respondents believed another major reason for these attacks was just to cause malicious damage. 88 percent of the attacks originated from outside the organization. 49 percent of respondents reported that losses arose from attacks on the con fi dentiality, integrity, or availability of information. Unpatched systems and inadequate staff training were reported as the major reasons for these problems. Beyond theft of proprietary information and fi nancial fraud, the survey collected loss information about those cybercrimes such as sabotaging data, telecom eavesdropping, outsider system penetration, insider abuse of net access, denial of service attacks, spoo fi ng, virus attacks, unauthorized insider access, telecom fraud, wiretapping, and laptop theft. All such criminal activities create losses and damages for business organizations. Experts and legislators have attempted to identify losses from such activities in various state and federal laws. These legal guidelines provide a starting point for the forensic accountant in determining a dollar value for losses due to cyber attacks. However, losses recognized for statutory purpose are likely to differ from values fi led under insurance claims. Therefore, each is considered in this chapter.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}