| 1一 Introduction With the development of the magnificent World Wide Web (WWW) and the migration from mainframe to client server, the need for increased awareness and security measures has become imperative. Computer crimes account for losses of more than one billion dollars annually. Computer criminals manifest themselves in many forms including co-workers, competitors and "crackers". What really is a computer crime, why do they occur, how do they occur and most importantly how does one prevent them? With less than 15% of the 10 million personal computers networked in 1990 and more than 50% of the 100 million personal computers networked today, preventing infiltration into computer systems ranks as the number one challenge to computer security and corporate intellectual property. Computer crimes account for losses of more than one billion dollars annually. A survey by the Computer Security Institute (CSI) and the Federal Bureau of Investigation's (FBI) Computer Crime Division found that nearly half of the five thousand (5,000) companies, federal institutions and universities polled experienced computer security breaches within the last twelve months. These attacks ranged from unauthorized access by employees to break-ins by unknown intruders. The CSI of San Francisco also surveyed 242 separate Fortune 500 companies concerning Internet security and found that in 1995 only twelve (12) percent of the companies reported losses as a result of system penetration. Those losses totaled $50 million. In terms of dollar value, the average theft costs a company $450,000. for each incident. Information Week magazine conducted its third annual survey in conjunction with Ernst and Young. The survey queried 1,290 respondents almost one-half of which said they suffered a financial loss related to information security in the last two years. At least twenty of the 1,290 respondents stated their information security losses came to more than $1 million each. Additional loss information acquired from the Ernst and Young survey in that one in four U.S. companies has been a victim of computer crime with losses ranging from $1 billion to $15billion. The biggest problem when dealing with computer crime is not the crime itself, but the fact that these breaches of security are seldom detected. Since there are few ways of tracing a thief through a computer network, administrators have difficulty identifying and quantifying losses due to data thefts. The FBI investigates break-ins and states that 4 out of 5 of the computer crimes investigated in 1993 involved the unauthorized access to computers via the Internet. The infamous hacker turned "cracker" Kevin Mitnick used IP (Internet Protocol) spoofing through the Internet to break into Tsutomu Shimomura's computer network. Shimomura, an expert on computer security, used a program that he had written to detect Mitnick's movement through his network and ultimately apprehend him. The average businessman does not have the expertise to accomplish this feat nor the capital to afford it. II. Types of Computer Criminals Computer criminals manifest themselves in many forms. Many company security officers believe that the weakest element in the computer cycle is the employee either disgruntled or simply lazy. Conversely the biggest danger to a company's intellectual property (trade secrets, R & D plans, pricing lists, customer-information) is other companies. "Competitors are the single greatest threat in computer crime." according to Richard Power of Computer Security Institute in San Francisco. Insiders steal corporate data to boost their income. Competitors may be the biggest threat, but the dirty work is performed by the insiders. A CSI/FBI survey found that insiders were involved in forty-six (46) percent of electronic espionage cases. When trying to identify the insider who has perpetrated the fraud, look for the disgruntled employee who is making points for his future employer. The American Society for Industrial Security (ASIS) estimates the loss from the theft of... |
PDF Full Text Request