Internet crime sprees getting more costly

New survey shows that more money is being lost to online vandals and cybercriminals, even with upgraded security technology

Businesses using the Internet are losing more to online vandals and cybercriminals even though they're using more security technology, concluded a survey released Monday.

The 2001 Computer Crime and Security Survey found that various cybercrimes accounted for $378m in losses among the 186 companies that were able to quantify their damages in 2001. The damage figures take into account the losses in the previous year. That average of $2m per company doubled the shortfall of the 249 businesses that responded in 2000.

"Big corporations are spread out all over the globe, and they are doing more business over the Internet," said Richard Power, editorial director of the Computer Security Institute, which published the survey. "It is not just e-commerce that's in danger but all the e-business going between companies."

The lion's share of the loss was to trade-secret thieves, financial fraudsters and the cost of cleanup after computer viruses. Theft of proprietary information alone cost the 186 companies $151m in 2000.

While fewer than 200 companies could quantify their losses, 538 companies, government agencies and academic institutions answered the survey this year.

Stolen trade secrets may have accounted for almost half of the dollar losses, but the full survey found that computer viruses were the most common type of damaging attack. About 94 percent of organisations were damaged by computer viruses, 73 percent lost money to laptop theft and 57 percent got knocked by insider Net abuse.

"Your e-commerce security can be really good, but if people's internal networks are insecure, it doesn't matter how good their other security is," said Power, who also authored Tangled Web, a book that chronicles the current state of computer security.

Though attacks by online vandals didn't account for major dollar losses, the Internet has become a major source of attacks for most organisations, according to the survey. Organisations that found themselves the victim of attacks via the Internet increased from 38 percent in the 1996 survey to 70 percent in 2001. In the same period, the number of companies experiencing insider attacks fell, from 54 percent in 1996 to 31 percent in the 2001 survey.

Security services company Pilot Network Services had similar findings in its monthly Cyber Barometer report released Monday.

The company saw more than 95 million probes of its clients' 70,000 networks in a single month, a 30 percent increase from the previous month.

Of those, potential attacks against Domain Name Services grew fivefold in the wake of a successful attack against Microsoft and the public acknowledgement of a widespread issue in the Berkeley Internet Name Domain software, a popular DNS package.

"E-business is at greater risk than ever to attackers, including anyone from 'script kiddies' to organised crime," said Keith Lowry, vice president of security operations at Pilot.

Both reports follow a posting from last week by the National Infrastructure Protection Centre warning businesses of hacking and extortion attempts by organised crime figures in Russia.

Take me to Hackers

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read what others have said.