Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Says Computer Crime Costs Billions Every Year

Posted by Zonk on from the that's-a-pricy-meatball dept.

JamesAlfaro wrote to mention a C|Net article putting a pricetag on computer crime. From the article: "The FBI calculated the price tag by extrapolating results from a survey of 2,066 organizations. The survey, released Thursday, found that 1,324 respondents, or 64 percent, suffered a financial loss from computer security incidents over a 12-month period. The average cost per company was more than $24,000, with the total cost reaching $32 million for those surveyed. Often survey results can be skewed, because poll respondents are more likely to answer when they have experienced a problem. So, when extrapolating the survey results to estimate the national cost, the FBI reduced the estimated number of affected organizations from 64 percent to a more conservative 20 percent. "

9 of 142 comments (clear)

  1. Questions? by Anonymous Coward · · Score: 4, Insightful

    Who responded to this survey? The accountants? The lawyers? The CFO? The CIO? I'm not saying that computer crime doesn't cost a whole lot of money. I'm just wary of reports like this, especially when the total is arrived at via simple straightline extrapolation from their 1300 respondents. This is simply a report designed to paint a bad picture so that they can secure extra funding for things like "online surveillance."

    1. Re:Questions? by Anonymous Coward · · Score: 5, Informative

      At the company I used to work at (Small to Med Cap Engineering firm), I got a copy of this letter asking me (as the head IT guy, we didn't have a CIO) to fill out the online form.

      I filled it out, and really I used numbers off the top of my head. We really never had actual security breeches by hackers, but they were asking for an aggregate of security incidents and measures. I included budgetary expenditures for preventative as well as reactionary security.

      I've filled out surveys like this for Gartner and others and I have to say, while the overall methodology followed norms, I really did not get a sense that they had much of a clue as to what the IT industry would classify as loss related to computer crime. Under their model, as I understood it - if you had to buy anti-virus software, that was a business loss due to cybercrime!

    2. Re:Questions? by samkass · · Score: 4, Insightful

      I think Mitnick made the point that he was accused of causing many millions of dollars in damages, but these (public) companies did not list such a charge on their quarterly reports. In fact, I have yet to see hacker damage appear on any quarterly report, including the more recent ones under the stricter Sarbanes-Oxley rules. So what's happening? Is this being overblown, or are companies mis-representing the damage to shareholders?

      --
      E pluribus unum
  2. The Real Data and CSI Links by eldavojohn · · Score: 5, Informative

    This article doesn't even mention the Computer Security Institute (CSI), the organization which conducts and publishes these surveys. The FBI allows them use of crime databases and is just presented the end result. On top of that, they present you with one graph and label it as referenced from the "Computer Crime Survey" when, in fact, this survey also had to do with security and is entitled 2005 Computer Crime and Security Survey. I believe you'll find a wealth of information in that PDF as it contains many graphs that break down respondents of crimes, average security expenditures, types of attacks, etc. If you're interested in what constitutes a "computer crime," check out the policy and sample cases (some amusing) as we all know that what is and isn't illegal with computers can get very fuzzy very fast.

    I think this is a case of CSI running a survey and doing a damn fine job on the support but the media (and Slashdot) feel that FBI is better news than CSI.

    --
    My work here is dung.
  3. Some Guy says computer crime creates jobs by dada21 · · Score: 5, Insightful

    I believe the FBI is correct, but I also believe that one should lock the door to their houses, offer potential robbers the thought that the family might be armed, get a decent alarm and security company and insure their belongings for the maximum amount.

    My IT business makes about 40% of its income dealing with security issues. We have to turn new business away usually, as most new customers that we go visit are so insecure it isn't even funny. With insecurity comes more than just data theft but spyware and viruses and the rest, as we all know. It amazes me how many companies leave their homes unlocked, the lights on, the alarm off, and a big sign on the front steps saying "Come and get it!"

    The solution to computer crime isn't using the FBI -- I'd like to turn their offices off and throw out the key. The solution to computer crime is:

    1. Developing a good infrastructure and upgrade cycle
    2. Commit to teaching users proper ways to set up their data and desktops
    3. Purchasing security sofware and services from companies that do the best job finding the holes and plugging them.

    Is the law useful? Not one bit. Most companies aren't going to bother suing civilly for damages, and no one wants to bother calling the cops. The chalk line around your stolen data isn't very useful. Get a good consultant, pay them well, and make them back it up with guarantees. Problem solved.

  4. Who knows what else the FBI says... by Anonymous Coward · · Score: 5, Insightful

    Word to the wise:

    Next time someone says "XXX Trend is costing us YYY dollars every year", it's probably going to be followed up with "Therefore we should spend ZZZ dollars dealing with it."

    XXX = overstated threat
    YYY = some made up figure
    ZZZ = profit

  5. WTF, why 64% to 20% Why not 21% or 19%? by Doug+Dante · · Score: 5, Insightful
    "Often survey results can be skewed ... the FBI reduced the estimated number of affected organizations from 64 percent to a more conservative 20 percent. "

    Why? Because that seemed like a good number? This inexplicable change causes me to question the validity of the whole study.

    --
    The world will not get better through technology. We must seek to be better people.
  6. And why the cops will always be behind by MikeRT · · Score: 4, Insightful

    In old school government thinking, you're not supposed to "get rich off the government" as an employee. The government would often rather spend $2B for a stealth bomber that carries nuclear bombs, but will pinch pennies on the salary of the pilot of the bomber. The reality is that it costs the tax payers less to pay $80,000 starting out for a qualified security official, and let them retire making $200-$250K/year than it does to hire a less competent one at $45,000/year. The better qualified, better paid one will be more effective if not hampered by management and more crimes will get punished, reducing the reward for crimes of this nature, thus decreasing the amount of money that has to be spent on prison and other costs in the long run.

    Ultimately, you get what you pay for is a fundamental law of life. If you're not willing to pay well, the people that have the skills won't sign up for the job unless the economy is dying and they're desperate.

  7. Sarcastic question by Guppy06 · · Score: 5, Insightful

    Did they include the NSA's illegal wiretaps in that tally?