FBI: Security lapses at 90 percent of companies

A new FBI computer crime survey claims that nine out ten polled companies have experienced a security lapse.

The 23-question 2005 FBI Computer Crime Survey, which polled 2,066 companies, found that 87 percent of enterprises experienced some type of security incident over a year-long period.

"We want organizations to be able to see the trend of what's happening," Special Agent Bruce Verduyn of the Houston FBI Cyber Squad said today. "I think this is a wake-up call to organizations that there really is more crime going on that what they realize."

About 64 percent of respondents – comprised of private and public organizations based in New York, Iowa, Nebraska and Texas – reported a financial loss due to the security incidents. The average cost setback totaled more than $24,000, according to the survey.

Viruses, including worms and trojans, and spyware topped the list of malware attacks the companies faced, the survey said. Nearly all of the respondents said they use anti-virus software, while 90 percent use firewalls.

But Natalie Lambert, an analyst at Forrester Research, said today that such technology "becomes kind of useless" unless it is properly maintained. She recommended regular client security sweeps.

"It's important to note that nothing's perfect," she said. "Virus creators are getting more sophisticated with the types of attacks they do. It's very important to note that just because technology is in place doesn't mean it's being used adequately and correctly."

Forty-four percent of respondents reported intrusions from within their own company, the survey showed.

"This is a strong indicator that internal controls are extremely important and should not be underemphasized while concentrating efforts on deterring outside attackers," the FBI said.

Lambert and Verduyn suggested organizations implement a host of technologies to combat potential computer security problems, including VPNs, biometrics and intrusion prevention systems.

To qualify for the survey, organizations must have been existence for three years, have five or more employees and generate an annual revenue of at least $1 million. About 24,000 organizations received the survey.

Almost 46 percent of respondents were from organizations with a gross annual income of less than $5 million, while 2.4 percent worked for firms that earn more than $1 billion. Sixteen percent of respondents gross between $10 million and $99 million.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.