A detailed survey undertaken as early as 1996 by this organization on information security problems in Fortune 1000 corporations discovered that companies do not often report computer security breaches to legal authorities, for a number of reasons. These reasons include not wanting the incidents to become public, for fear of a loss of client confidence and drops in stock market prices, and concern about a drop in productivity during the intrusion investigations. Moreover, the survey results showed that although 83.4% of the responding firms had a written policy dedicated to computer use and misuse, and though 66.8% of the responding firms had obligatory “warning” banners putting users on notice that they could be monitored while online, only 37.2% of the responding firms ever enforced their warnings or policies.
Moreover, when unauthorized accesses from outsiders were detected, the types of activities most commonly performed were probing/scanning of the system (14.6%), compromising email/documents (12.6%), introducing viruses (10.6%), and compromising trade secrets (9.8%).
When insiders were caught for computer improprieties—such as maintaining their own businesses while using the company’s computer systems or abusing their company online accounts—more than 75% of the responding firms reportedly gave only oral or written warnings to the perpetrators of such acts. Only 15% of the responding firms suspended or fired the guilty employees or referred the incidents to legal officers for further investigation. For the past 10 years, the CSI/FBI survey has reported on exploits in industry, government agencies, and financial and medical institutions in the U.S.
See Also: Electronic Mail or Email; Virus.
Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002.