Internal Actions Cause More Security Violations than Viruses

The U.S. Computer Security Institute (CSI) conducted its annual Computer Crime and Security survey on 494 security staff from government agencies and US corporations and found that insider actions were experienced by 59% of the respondents, while 52% reported of stumbling on conventional virus in 2006. Among those who suffered a computer security breach, 46% of those surveyed said 'yes' compared to 53% in 2006 and 56% in 2005.

Around six in ten organizations revealed that insider crime was the most frequent security violation in 2007, while according to half of the surveyed, they had suffered from technology-related crime in 2006.

No hard conclusions from the survey were made by CSI. The CSI noted that vendors of security products have their own interest in promoting their business, including the threats, as the much pressed one for the companies to safeguard themselves from the threats. And this makes difficult to judge the seriousness of the threats.

The survey also pointed at the gradual integration of Internet-based attacks that merge the demarcating lines between consumer and company security that were earlier regarded as separate issues. According to the CSI Director, Robert Richardson, the main person behind the survey, the period when industry experts were worried and discussing about the growing stealth and sophistication in cyber attacks, the survey found about 200 respondents reporting significant loss of money due to such attacks in 2006. Tech Shout reported this on 17 September 2007.

The 2007 results strongly suggested that the rising threats have started to realize as increasing losses, Richardson added.

The number of companies reporting to law enforcement authorities about computer intrusions has been showing an upward trend that reverses a downturn during 2005-06. While 25% of the respondents reported a security incident to police in 2006, this percentage rose to 29% in the last 12 months, from September 2006 to September 2007.

The scenario of security concerns in U.S. organizations by CSI is rather complex, but it has the advantage of being 'independent' over the largely vendor-driven reports that litter the pages these days.

Related article: Internet Threat Volumes Overwhelm Security Companies

» SPAMfighter News - 10/3/2007