Financial Applications Security Weblog
Secure Applications for Open Markets

09 April 2002
 

Open for Business (Identity management & open networks).

Nikolaj at Digital Identity mentions Consult Hyperion's whitepaper on identity management. Big points to him for also posting a link in the same article to Carl Ellison and Bruce Schneier's classic: What You're not Being Told about Public Key Infrastructure. Nice one.

[Digital Identity]
2:28:02 PM

Cyber crime bleeds U.S. corporations, survey shows

Many sources have commented on the latest Computer Security Institute (CSI) survey, which was done in cooperation with the FBI. These surveys are quite interesting but I question the methodology used by the various respondents to the survey to get their answers.

For example the survey counts non work related web surfing as a Cyber Crime. It specifies that in the past year the average cost per respondent has gone from $357,160 to $536,000 a year. The survey claims the two main issues here are productivity and liability. While I can definitely see liability as being a potential issue, I'm quite unsure of the methods they use to quantify their loss of productivity. How about the increase of productivity of employees who are happy because their employer doesn't choose to treat them like children?

Another area that might raise a few eyebrows is the losses based on theft of proprietary information. The report says that respondents reported a total loss of $170,827,000 last year. Yet only 20% of respondents reported such infractions. Granted these can be serious issues, however the Tech industry has a history of overreporting the value of such crimes. Just remember the Kevin Mitnick case where companies such as Sun, Nokia etc. made outrageous claims on losses caused by him.

Much more serious in my view is Financial Fraud. The survey states that 12% of respondents had a loss on average of $957,384. Most of this from what I can ascertain is basically traditional credit card fraud. However I do believe we will see a growth over the next year or two in losses based on investment banking systems. Just imagine how much money could be made if someone managed to create large false trades or spread disinformation on trade/news feeds. Not covered under Financial Fraud but equally an issue would be the cost of DOS attacks targeted at realtime trade feeds.


2:23:19 PM

Quick 5 minute intro to JCE for Developers

All enterprise Java developers should have at least a passing knowledge of JCE. If you've never tried it before, try this quick little intro to sample it: Master the basics of Java Cryptography Extension (JCE). [builder.com]


1:33:43 PM



© Copyright 2002 Pelle Braendgaard.
Last update: 09/04/2002; 13:33:47.