Reflections – CSI Computer Crime and Security Survey 2007

• Almost one-fifth (18 percent) of those respondents who suffered one or more kinds of security incident further said they’d suffered a “targeted attack,” defined as a malware attack aimed exclusively at their organization or at organizations within a small subset of the general population.

• Financial fraud overtook virus attacks as the source of the greatest financial losses. Virus losses, which had been the leading cause of loss for seven straight years, fell to second place. If separate categories concerned with the loss of customer and proprietary data are lumped together, however, then that combined category would be the second-worst cause of financial loss.

Another significant cause of loss was system penetration by outsiders.

• Insider abuse of network access or e-mail (such as trafficking in pornography or pirated software)
edged out virus incidents as the most prevalent security problem, with 59 and 52 percent of respondents reporting each respectively.

• When asked generally whether they’d suffered a security incident, 46 percent of respondents said yes, down from 53 percent last year and 56 percent the year before.

• The percentage of organizations reporting computer intrusions to law enforcement continued upward after reversing a multi-year decline over the past two years, standing now at 29 percent as compared to 25 percent in last year’s report.

The statistic that really impressed me was the Types of Attacks/Misuse Detected in the Last 12 Months. Positively enough, Viruses continue on their fast descent as the slope gets steeper each year. However, as Insider Abuse appeared to be under control these last two years, it has spiked back up to a substantial 59%.

In the Top 5 we can also find Laptop Theft, Phishing and IM.

You can download the survey in PDF format, here.


Best wishes for 2008!