Slashdot Mirror
FBI Says Computer Crime Costs Billions Every Year
JamesAlfaro wrote to mention a C|Net article putting a pricetag on computer crime. From the article: "The FBI calculated the price tag by extrapolating results from a survey of 2,066 organizations. The survey, released Thursday, found that 1,324 respondents, or 64 percent, suffered a financial loss from computer security incidents over a 12-month period. The average cost per company was more than $24,000, with the total cost reaching $32 million for those surveyed. Often survey results can be skewed, because poll respondents are more likely to answer when they have experienced a problem. So, when extrapolating the survey results to estimate the national cost, the FBI reduced the estimated number of affected organizations from 64 percent to a more conservative 20 percent. "
Who responded to this survey? The accountants? The lawyers? The CFO? The CIO? I'm not saying that computer crime doesn't cost a whole lot of money. I'm just wary of reports like this, especially when the total is arrived at via simple straightline extrapolation from their 1300 respondents. This is simply a report designed to paint a bad picture so that they can secure extra funding for things like "online surveillance."
Perhaps the problem is that companies aren't putting enough money into their security and not enforcing strict enough protocol among their staff. How many viruses felt by businesses do you assume were caused by a stupid employee? This could take the form of lazy tech staff, or even the assistant downloading something to pass the time. Then there is also the fact that alot of smaller businesses I have experience with do not have an employee that can properly setup and maintain the businesses networks and desktops. How much money are these companies spending on techie staff to remove stuff that otherwise could be done by any teenager who has experience with computers.
The number is huge, however the issue behind it I feel is being avoided and unseen. Businesses need a better method of using computers, perhaps a more business friendly OS. From the article, "Some are very small businesses that should have that technology, but they don't," and this is the problem. We won't be able to stop people from trying to bring down software and networks, however businesses can become more competent on how to prevent and protect.
do.what.promptcmds
I believe the FBI is correct, but I also believe that one should lock the door to their houses, offer potential robbers the thought that the family might be armed, get a decent alarm and security company and insure their belongings for the maximum amount.
My IT business makes about 40% of its income dealing with security issues. We have to turn new business away usually, as most new customers that we go visit are so insecure it isn't even funny. With insecurity comes more than just data theft but spyware and viruses and the rest, as we all know. It amazes me how many companies leave their homes unlocked, the lights on, the alarm off, and a big sign on the front steps saying "Come and get it!"
The solution to computer crime isn't using the FBI -- I'd like to turn their offices off and throw out the key. The solution to computer crime is:
1. Developing a good infrastructure and upgrade cycle
2. Commit to teaching users proper ways to set up their data and desktops
3. Purchasing security sofware and services from companies that do the best job finding the holes and plugging them.
Is the law useful? Not one bit. Most companies aren't going to bother suing civilly for damages, and no one wants to bother calling the cops. The chalk line around your stolen data isn't very useful. Get a good consultant, pay them well, and make them back it up with guarantees. Problem solved.
Word to the wise:
Next time someone says "XXX Trend is costing us YYY dollars every year", it's probably going to be followed up with "Therefore we should spend ZZZ dollars dealing with it."
XXX = overstated threat
YYY = some made up figure
ZZZ = profit
Now that even the FBI can put a quantifiable sum of money on this may we please begin dismembering the EULA which makes this such an enormous problem?
"We'll just create this broken product... and let everyone else deal with the billions of lost dollars which it causes."
fast as fast can be. you'll never catch me.
Why? Because that seemed like a good number? This inexplicable change causes me to question the validity of the whole study.
The world will not get better through technology. We must seek to be better people.
In old school government thinking, you're not supposed to "get rich off the government" as an employee. The government would often rather spend $2B for a stealth bomber that carries nuclear bombs, but will pinch pennies on the salary of the pilot of the bomber. The reality is that it costs the tax payers less to pay $80,000 starting out for a qualified security official, and let them retire making $200-$250K/year than it does to hire a less competent one at $45,000/year. The better qualified, better paid one will be more effective if not hampered by management and more crimes will get punished, reducing the reward for crimes of this nature, thus decreasing the amount of money that has to be spent on prison and other costs in the long run.
Ultimately, you get what you pay for is a fundamental law of life. If you're not willing to pay well, the people that have the skills won't sign up for the job unless the economy is dying and they're desperate.
"FBI Says MS-Windows Costs Billions Every Year due to negligence." That's what they *should* say, but nooo.
GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
More money is blown into similar activities under the cover of "fighting terror".
With the difference that in that crime people die.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Did they include the NSA's illegal wiretaps in that tally?
"So, when extrapolating the survey results to estimate the national cost, the FBI reduced the estimated number of affected organizations from 64 percent to a more conservative 20 percent."
We realized the data was completely meaningless. So we pulled a number out of our arse and decided that made the results accurate and meaningful.
to three things
1, coders inablility to write code that is secure
2, admins inablility to secure their infrastructure.
3, admins not being knowledgible enough to monitor and handle hacking attempts.
The idea of passing new laws to "prevent" such crime is stupid. Kill as many flies as you can, there will still be flies to bother you.
But get a good repellant, and the flies dont bother you any more.
It sounds like a lot, but $24,000 is substantially less than the cost of 1 IT staff. Besides, it's not mentioned how large these companies are (on average). For a 1 person operation $24,000 is a lot, for a Fortune 500 company with hundreds/thousands of employees, it isn't.
SCO employee? Check out the bounty
Often survey results can be skewed, because poll respondents are more likely to answer when they have experienced a problem. So, when extrapolating the survey results to estimate the national cost, the FBI reduced the estimated number of affected organizations from 64 percent to a more conservative 20 percent.
So basically they think their method of obtaining information is flawed, they have no idea by how much, but since 64% "feels" too high the decide to create a whole new number out of the blue that was felt to be subjectively acceptable to the committee.
Wow who funded THAT?
Seven puppies were harmed during the making of this post.
This isn't really news. It seems like the numbers are just pretty much made up. They knew that the polling was completely inaccurate, so they just decided to change the number from 64 to 20. This number has no more meaning than one made up entirely randomly.
I'd guess that most companies are losing more money due to stolen office supplies than computer crime. I get annoyed at computer crime being treated as some magical force, as if it is some how different from every other sort of crime.
Politicians repeat after me: "Computers are not Magic!, Computers are not Magic!"
Big ones, small ones, some as big as yer 'ead!
Give 'em a twist, a flick o' the wrist...