Language Selection

English French German Italian Portuguese Spanish

Cost of Computer Attacks Down

While the cost of fending off hackers appears to be dropping for U.S. companies, attacks that involved unauthorized access to information are becoming much more costly, according a survey published Thursday by the Computer Security Institute and the U.S. Federal Bureau of Investigation.

The survey, which included about 700 respondents from government and a variety of industries, found that the average losses related to computer attacks dropped by 61 percent in 2004. On average, companies reported that computer and network attacks cost them $204,000 last year, down from an average of $526,000 in 2003. The report did not explain how specific factors, such as loss of employee productivity or security consultant fees, contributed to these costs.

This marks the fourth consecutive year that this number has declined, said Robert Richardson, editorial director of the Computer Security Institute and a co-author of the report.

Part of the reason for the drop is the fact that companies have simply become better at protecting themselves, Richardson said. "For your run-of-the mill virus, your average organization has that under control," he said. "There's a very fast reaction on the part of antivirus vendors and there are automated pathways to update the virus data on enterprise networks."

ID Theft Increase

However, the cost of information theft jumped considerably in 2004. "To some degree, the heat of hacker activity has moved to identity theft," Richardson said.

The survey found that the average net loss attributable to unauthorized information access jumped from more than $51,000 in 2003 to more than $300,000 last year. Attacks that resulted in the theft of proprietary information cost companies more than $355,000 on average in 2004, up from $169,000 the previous year.

The Computer Security Institute's survey was done in conjunction with the San Francisco division of the Federal Bureau of Investigation's Computer Intrusion Squad. It canvassed about 700 CSI members in a wide variety of industries and government organizations. CSI is a San Francisco-based association of computer and network security professionals.

Given the demographics of the survey's participants, it's unsurprising that they're suffering less damage from attacks. "We ask people who care about security," Richardson said. "They care enough [about security] to be members of a professional organization, so my hunch is they're actually trying to get better at security."

The 2005 CSI/FBI Computer Crime and Security Survey, which reports data covering 2004, can be found at CSI's Web site.

By Robert McMillan
IDG News Service

More in Tux Machines

Intel's "Utter Garbage" Code Bricks and Delays Linux, Torvalds Furious

today's leftovers

  • 20 Years of LWN
    Back in mid-1997, your editor (Jonathan Corbet) and Liz Coolbaugh were engaged in a long-running discussion on how to trade our nice, stable, reliably paying jobs for a life of uncertainty, poverty, and around-the-clock work. Not that we thought of it in those terms, naturally. We eventually settled on joining Red Hat's nascent "support partner" program; while we were waiting for it to get started, we decided to start a weekly newsletter as a side project — not big and professional like the real press — to establish ourselves in the community. Thus began an amazing journey that has just completed its 20th year. After some time thinking about what we wanted to do and arguing about formats, we published our first edition on January 22, 1998. It covered a number of topics, including the devfs controversy, the pesky 2GB file-size limit on the ext2 filesystem, the use of Linux on Alpha to render scenes in the film "Titanic", the fact that Red Hat had finally hired a full-time quality-assurance person and launched the Red Hat Advanced Development Labs, and more. We got almost no feedback on this issue, though, perhaps because we didn't tell anybody that we had created it.
  •  
  • EzeeLinux Show 18.4 | Ubuntu 17.10 Revisited
    Canonical revised Ubuntu 17.10 with the new 17.10.1. Time to take another look…
  • PodCTL #22 – Highway to Helm
    One of the reasons that Kubernetes has gained so much traction in the marketplace is because it is flexible enough to allow innovation to happen all around the core APIs. One area where that has happened is in application package management, specifically with the Helm project.
  • LibreELEC Linux OS Will Get Meltdown and Spectre Patches with Next Major Release
    The development team behind the Kodi-based LibreELEC (Libre Embedded Linux Entertainment Center) open-source HTPC operating system for embedded systems and PCs released LibreELEC 8.2.3. LibreELEC 8.2.3 is the third maintenance update to the LibreELEC 8.2 "Krypton" series of the Just enough Operating System (JeOS), which is based on the Kodi 17 "Krypton" open-source and cross-platform media center. It's here a month after the LibreELEC 8.2.2 point release to address a few issues.
  • openSUSE 42.2 to Reach End-of-Life This Week
    The minor release of openSUSE Leap 42.2 will reach its End-of-Life (EOL) this week on Jan. 26. The EOL phase ends the updates to the operating system, and those who continue to use EOL versions will be exposed to vulnerabilities because these discontinued versions no longer receive security and maintenance updates; this is why users need to upgrade to the newer minor; openSUSE Leap 42.3. “We are very pleased with the reliability, performance and longevity of Leap,” said openSUSE member Marcus Meissner. “Both the openSUSE community and SUSE engineers have done a fantastic job with security and maintenance of the Leap 42 distribution; users can be confident that their openSUSE operating system is, and will continue to be, receiving bug fixes and maintenance updates until its End-of-Life.”
  • French Gender-Neutral Translation for Roundcube
    Here's a quick blog post to tell the world I'm now doing a French gender-neutral translation for Roundcube.
  •  
  • This Oil Major Has a Supercomputer the Size of a Soccer Field
    Big Oil is now Big Tech. So big, in fact, that Eni SpA’s new supercomputer is the size of a soccer field. In the multimillion-dollar pursuit of the world’s most powerful computers, the Italian explorer says it’s taken the lead. Its new machine, located outside Milan, will scan for oil and gas reservoirs deep below the Earth over thousands of miles. “This is where the company’s heart is, where we hold our most delicate data and proprietary technology,” Eni Chief Executive Officer Claudio Descalzi said in an interview on Thursday.

Compilers and CLI: LLVM, GCC and Bash

KDE/GNOME: Usability and Productivity, Krita Interview, GNOME Builder

  • This week in Usability and Productivity, part 2
    This is your weekly status update for the KDE community’s progress in the Usability and Productivity initiative. KDE contributors have been busy, and here’s a sampling of features, improvements, and bugfixes relevant to the initiative that KDE developers landed over the past week-and-a-half...
  • Interview with Baukje Jagersma
    How and when did you get to try digital painting for the first time? Probably when I first discovered Deviantart. I was already familiar with GIMP, which I used to create photo-manipulations with. But seeing all the amazingly talented artists on there made me want to try out digital painting for myself.
  • Builder happenings for January
    I’ve been very busy with Builder since returning from the holidays. As mentioned previously, we’ve moved to gitlab. I’m very happy about it. I can see how this is going to improve the engagement and communication between our existing community and help us keep new contributors. I made two releases of Builder so far this month. That included both a new stable build (which flatpak users are already using) and a new snapshot for those on developer operating systems like Fedora Rawhide.