RECENT STATISTICS
Security incidents in 2003 on pace to increase 86 percent over 2002
Brazil leads the world as the source for digital attacks. Through
September 2003, more than 95,000 digital attacks have originated from
Brazil, far more than any other country. Turkey is second on the list at
14,795 attacks, followed by the United States (2,995 attacks), Indonesia
(2,360 attacks) and Egypt (2,365 attacks).
-- CSO Magazine CSO Update - What's New on CSOonline.com, 10-1-03
August 2003 viruses, along with
overt and covert hacker attacks, caused $32.8 billion in economic
damages, according to a new report from mi2g, a digital risk assessment
company based in London. Mi2g also notes that the Sobig virus alone
accounted for $29.7 billion of economic damages worldwide.
"August 2003
will be remembered as one of the worst months in the history of computer
security," says Belthoff. "The Sobig-F worm clogged up inboxes and
crippled networks with the sheer volume of email traffic it produced.
Users and companies should remain on guard and put systems in place to
protect against future attacks."
-- Datamation, Sharon Gaudin, author
Other Relevant Statistics
- Extinction - Today 43% of companies that lose vital data don't reopen, and
  29% close within two years.
- Employee error - 32% of data loss is a result of employee error.
- Virus - Viruses account for 7% of data loss. Data is often
  irretrievably lost or corrupted.
- Unauthorized access - Hackers and renegade employees gain
  unauthorized access and leave companies liable for security breaches
  and data loss.
- Natural disaster - 3% of data loss is from natural disasters.
  Imagine being unable to use your business or customer records
  for an extended period.
IN THE NEWS
Most Companies Have Cyber-Risk Gaps in Their Insurance Coverage,
States the Insurance Information Institute
"Unfortunately, most companies are operating in a 21st century threat
environment with 20th century insurance coverage," states John Spagnuolo,
cyber expert for the Insurance Information Institute (I.I.I.). "The
dynamics of risk management have changed with technology." According to
a recent Ernst & Young survey of 1,400 organizations in its 2003 Global
Information Security Survey, only seven percent of respondents knew they
had a specific insurance policy geared to this network and cyber-risk.
Nearly a third (33 percent) thought they had coverage they actually
lacked. Another 34 percent knew they lacked such coverage, while 22
percent didn't know the answer. Ernst & Young characterized the fact
that only 7 percent of surveyed companies had cyber insurance as
"astonishingly low, given the risk environment and the fact that general
policies don't provide such coverage."
The Computer Security Institute (CSI),
in cooperation with the Computer Intrusion Squad of the San Francisco
Federal Bureau of Investigation (FBI), released the results of its 2003
Computer Crime and Security Survey. More than 250 respondents, which
included computer security practitioners in U.S. corporations,
government agencies, financial institutions, medical institutions and
universities, reported over $200 million in losses. According to CSI,
the findings confirm the threat from computer crimes and other
information security breaches continues unabated.
"The trends the CSI/FBI survey has highlighted over the years are
disturbing," states Chris Keating, CSI Director. "Cyber crimes and other
information security breaches are widespread and diverse. Fully 92
percent of respondents reported attacks."
The number of intruders grows each day and they are quite different from
those of 10 years ago. A hacker does not have to be a sophisticated
programmer to be able to harm a computer system. Intruders can use the
Internet to educate themselves, and now have access to easy-to-use tools
which allow them to do large amounts of damage in short periods of time.
"Intruders could be professional criminals, terrorists, industrial
spies, teenagers and perhaps even employees," emphasizes Spagnuolo.
According to the
National Strategy to Secure Cyberspace, released by the Bush
Administration earlier this year, "Cyber attacks on U.S. information
networks can have serious consequences such as disrupting critical
operations, causing loss of revenue and intellectual property or loss of
life...There is no special technology that can make an enterprise
completely secure. No matter how much money companies spend on
cybersecurity, they may not be able to prevent disruptions caused by
organized attackers. Some businesses whose products or services directly
or indirectly impact the economy or the health, welfare or safety of the
public have begun to use cyber-risk insurance programs as a means of
transferring risk and providing for business continuity."
Spam Goes Off the Charts in July
By Sharon Gaudin, Datamation
August 5, 2003
July was a bad month for spam, with more junk email littering corporate
inboxes in 31 days than in all of 2002.
MessageLabs, Inc., a New York-based email
security company, says spam now makes up 50 percent of all corporate
email. Analysts there also note that they stopped 79.7 million spam
emails last month. That's 10 million more than the total number stopped
in all of 2002.
Spam has grown 38.5 percent, according to
MessageLabs, so far this year.
September 17, 2003
"When you participate on the Internet, your network communicates with
other networks," said Bill Cook, a partner at the Chicago law firm
Wildman Harrold (www.wildmanharrold.com) and a provider in information
security law and computer and network security liability issues. "The
vulnerabilities in your systems quite often cause damage downstream.
Companies need to make sure from a corporate due diligence standpoint
that they've taken the necessary preventative steps to make sure they're
not the tool used by a terrorist or hacker to create downstream damage."
'Downstream liability', as this scenario is known in legal terms, is
just one of a growing number of complex and technical legal/security
issues corporations should reportedly be concerned with in the
post-9/11 marketplace.
Other issues include knowing whether or not U.S. regulators will view
the company's compliance programs as adequate; what a company's
liability risks are; properly addressing workplace issues such as
Internet and e-mail usage, protection of intellectual property,
workplace privacy and sexual harassment; and knowing if the company's
information sharing program with federal and state agencies, as well as
other businesses, creates Freedom of Information Act and anti-trust
implications.