Source: [id: 41018; name: CSO; isActive: true; siteId: 3] -- CSO -- $content.altguid

Pulling Threads: The 2005 E-Crime Watch Survey

The "E-Crime Watch Survey," now in its second year, points out the need for more companies to measure and report the impact of computer-related crimes

By

July 01, 2005CSO

You can't fight what you can't see, and you can't assess prevention efforts unless you measure what's going on. So it is with the fight against electronic crime.

The second annual "E-Crime Watch Survey," completed by the U.S. Secret Service, the CERT Coordination Center at Carnegie Mellon University and CSO, quizzed 819 security executives and law enforcement officers to get a sense of the often shadowy realities of electronic crime in the United States. What the survey reveals is that in this nascent field—where electronic crime is defined by survey researchers as "any criminal violation in which a computer or electronic media is used"—there's still plenty of room left for improvement.

Improvement in setting up formal systems for tracking incidents, which barely half of respondents said their organizations had in place. Improvement in reporting incidents to authorities, when a full 65 percent of those who had been victimized had not reported any electronic crimes in the past year. And improvement in identifying losses to businesses, when 62 percent of victims could not even wager a guess at what a crime had cost their companies.

As you'll see, neither the survey nor its respondents' knowledge was perfect. But because the electronic crimes landscape is a wily one, these results beat the alternative—pure, wild speculation. We know you're hungry for these numbers, so here are the survey's most instructive findings, presented to you in five discernible threads.

Thread 1: Spyware hits the mainstream

Yes, yes, we know that a lot of what of gets called "spyware" isn't illegal—although the most insidious kind of spyware (keyloggers) can be used to pilfer sensitive information and then commit crimes. What's interesting is that a category that didn't even make it onto last year's "pick list" is now a top problem. Spyware has gone mainstream.

As for the phishing numbers, make of them what you will. It's likely some of the 57 percent interpreted the question as phishing scams sent to their employees—not ones targeting their brand. Most scams documented by the Anti-Phishing Working Group target the same couple dozen household-name companies, and the survey cast a much wider net than that. Nevertheless, phishing as a precursor to fraud and identity theft has rapidly become one of the most frustrating and time-consuming issues for law enforcement. "These sites come and go so fast, it's very hard to investigate," says Larry Johnson, special agent in charge of the Secret Service's Criminal Investigative Division.

Meanwhile, 32 percent of survey respondents reported experiencing no electronic crimes. But do they really know for sure? This brings us to the next point....

RESOURCE CENTER