News Briefs

Pages: pp. 5-6


10th CSI/FBI Survey Shows Dramatic Increase in Unauthorized Access

The Computer Security Institute (CSI) announced the results of its 10th annual Computer Crime and Security Survey, noting that average cybercrime losses are down but unauthorized access is up. CSI conducts the Computer Crime and Security Survey with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad. This effort aims to raise the level of security awareness and helps determine the scope of computer crime in the US. The survey is available for free download from the Institute's Web site at

Highlights of the 2005 survey include the following:

  • The total dollar amount of financial losses resulting from security breaches is decreasing, with an average loss of $204,000 per respondent, down 61 percent from last year's average loss of $526,000.
  • Virus attacks continue as the source of the greatest financial losses, accounting for 32 percent of the overall reported losses.
  • Unauthorized access showed a dramatic increase and replaced denial of service as the second most significant contributor to computer crime losses, accounting for 24 percent of overall reported losses and showing a significant increase in average dollar loss.
  • Theft of proprietary information also showed a significant increase in average loss per respondent, more than double that of last year.
  • The percentage of organizations reporting computer intrusions to law enforcement has continued its multiyear decline. Respondents cited the concern over negative publicity as the key reason for not reporting intrusions to law enforcement.

Based on responses from 700 computer security practitioners at US corporations, government agencies, financial institutions, medical institutions, and universities, the survey confirms that the threat from computer crime and other information security breaches is real. Chris Keating, CSI director, says organizations that raise their level of security awareness "have reason to hope for measurable returns on their investments."

The FBI has responded to a growing number of instances in which criminals have targeted major components of information and economic infrastructure systems, establishing regional computer intrusion squads located in selected offices throughout the US. Their mission is to investigate violations of the Computer Fraud and Abuse Act (Title 8, Section 1030), including intrusions into public switched networks, major computer network intrusions, privacy violations, industrial espionage, pirated computer software, and other crimes. Additionally, the FBI sponsors InfraGard, an information sharing and analysis effort between the FBI and the private sector. To learn more about InfraGard, your local chapter, and how to become a member, see


Hosted and Managed Speech Services Poised to be $845 Million by 2009

North America's $458 million hosted and managed speech services market will exhibit an aggressive 15 percent year-over-year growth rate through the next four years, according to a report from independent analyst firm Datamonitor. The report, Voice as a Service, says two key factors are spurring growth. From the vendor perspective, a saturated hosted/managed dual-tone multifrequency (DTMF) market is forcing hosted interactive voice response (IVR) providers in North America to sharpen their focus on speech services to arrest the precipitous slide of their revenues and create new revenue streams. In tandem with this, smaller providers that specialize in hosted speech services are gaining greater momentum and credibility among enterprises and service providers. As a result, several businesses are choosing the hosted/managed services model over a premise-based model. In addition, enterprises and service providers are realizing the return on investment and customer service benefits that come from speech, which is helping drive investment in speech solutions.

Datamonitor says North America's spending on hosted speech services will almost double to reach $845 million by 2009.

The vertical markets that have traditionally outsourced customer care functions, financial services and communications, are also outsourcing IVR functions to hosted IVR providers. Although these verticals will continue to account for more than 50 percent in terms of revenues and IVR port usage, healthcare, public sector, and travel and tourism are also exhibiting a strong uptake in hosted IVR services.


Less Than 25 Percent of Organizations Regularly Review External Risks

Less than one-quarter of organizations review external risks on a regular basis, according to a study of 200 IT professionals from 14 countries conducted by the IT Governance Institute (ITGI) in conjunction with Lighthouse Global. The study, described in Information Risks: Whose Business Are They? also reveals that the board of directors or CEO signs off on the IT risk management plan in only one-third of all organizations.

"The lack of attention to external risks and the lack of business involvement in the IT risk management plan are worrying given the extensive reliance on outsourcing and service providers, and the globalized nature of many organizations," said Gary Hardy, director of IT Winners and the publication's author.

"Best practices identified in Information Risks advise that top management should share responsibility with the IT department for IT risks.

Results show the opposite is true in most organizations. According to the study, IT risk management is the responsibility of IT management—not the business—in 80 percent of organizations."


Notebook Sales Surpass Desktops in May 2005

Current Analysis research indicates that notebook sales surpassed desktop sales in the US retail market in May. This marks the first time that notebooks have outsold desktops over the course of a full month. Notebook sales have previously surpassed desktop sales because of extremely heavy promotions, but those rare occasions were one-week periods.

Notebook sales grew from 45.9 percent of the total PC retail market in May 2004 to 53.3 percent in May 2005. In August 2004, notebooks came close to surpassing desktops (garnering 49.6 percent of the market) on the strength of intense back-to-school advertising by Toshiba.

Sam Bhavnani, senior analyst for mobile computing, offers three reasons for the increase in sales: "The past few months have seen an increase in the number of retail notebook players, with lesser-known value players Acer and Medion gaining shelf space at major retailers such as Best Buy, Circuit City, and CompUSA. In addition, notebook pricing has dropped considerably, almost 17 percent between May 2004 and May 2005 ($1,370 to $1,131)."

Bhavnani continues, "Moreover, WiFi is no longer considered a luxury, but rather a necessity for today's mobile users. One year ago, over 20 percent of retail notebooks did not include wireless. Today, that number is less than 5 percent. While Centrino laptops were frequently advertised in the $1,399 range last year, it is now common to see sub-$900 Centrino models."

Risk Best Practices

  • Embed into the enterprise an accountable, effective, and transparent IT governance structure.
  • Pay attention to IT control failures and weaknesses in internal control, and their actual and potential impact. Also consider whether management acts promptly on them and whether risks require more monitoring.
  • Establish an audit committee, and ensure that it covers security risks for external-audit requirements, including securing annual opinion letters, management control assertions, and compliance letters. The audit committee should also determine what the significant IT risks are; assess how they are identified, evaluated and managed; commission IT and security audits; and rigorously follow up with subsequent recommendations.
  • Monitor how management determines what IT resources it needs to achieve strategic objectives.