Opinion: Are We Winning the Battle Against E-Crime?
A recent survey of security and law enforcement executives shows that
the fight against electronic crimes (e-crimes) continues to be an
Amongst the significant findings, respondents were asked on what
security issues they spent the majority of their time. If the media is
to be believed, one would expect the answers to include preventing
phishing attempts, Denial of Service attacks and online extortion. Yet
respondents indicated they spent more than twice as much time on "child
exploitation" as any of those other threats. The top time-consumers
were "fraud" and "identity theft."
(The term "identity theft" is a contentious one. It implies that one's identity is stolen such that it is no longer available to its owner. Although Hollywood and the media have made attempts to convince us this is plausible, the reality is it's virtually impossible to accomplish. Cybertrust prefers the term "identity fraud" when, for example, someone obtains the PIN number for your online banking and spends your money, or obtains the password for your PayPal account and abuses your privileges.)
The media take on the release of this year's survey suggested that
fighting e-crime was getting better. However, at least 65 percent of
respondents stated that the number of crimes experienced by their
networks either didn't change or increased!
More than 50 percent of respondents indicated viruses, spyware and
phishing attempts as the most common e-crimes committed against them.
And thirteen percent of respondents indicated they had discovered
zombies or bots on their networks. This is surprising because such
systems generally require weak or non-existent firewalls in order to
function, and these respondents seem security-savvy enough to
appreciate the need for firewalls.
The top e-crime committed by organization insiders had to do with rogue
wireless access points (WAPs). Presumably this refers to setting up a
WAP without permission, or abusing the availability of a WAP. One has
to wonder how many of these e-crimes were actually prosecuted, as
opposed to reprimands being issued for not adhering to company policy.
The biggest motivator for not reporting e-crimes was that the "damage
level [was] insufficient to warrant prosecution," while 6 percent
reported that "prior negative response from law enforcement" prevented
them from reporting. Law enforcement needs to ensure that number
doesn't rise so the public continues to report e-crime.
Forty-three percent of respondents indicated their monetary losses
remained the same or increased over 2004, and 53 percent believe they
will stay the same or increase in 2005.
After "hackers" and "unknown," respondents indicated that "current
employees" pose the greatest cyber security threat to their
Despite reports of abuse, respondents deemed firewalls and automated
virus scanning as being 99 percent effective at detecting or countering
misuse or abuse of systems or networks. Spyware and adware detection
was rated as 94 percent effective, a surprisingly high value given the
dire warnings the media continually deliver about how easy it is for
new spyware and adware to be installed.
"Manual patch management" was cited as the least effective technology
in fighting abuse. Interestingly, "automated patch management" was
considered only slightly better than "physical security systems" and
worse than "intrusion detection systems."
The survey, conducted by CSO magazine in cooperation with the U.S.
Secret Service and the Carnegie Mellon University Software Engineering
Institute's CERT(R) Coordination Center, is available at
Russ Cooper is a Senior Information Security Analyst with
Cybertrust, Inc., www.cybertrust.com. He's also founder and editor of
NTBugtraq, www.ntbugtraq.com, one of the industry's most influential
mailing lists dedicated to Microsoft security. One of the world's most-
recognized security experts, he's often quoted by major media outlets
on security issues.
Russ Cooper's Security Watch column appears every Monday in the
Redmond magazine/ENT Security Watch e-mail newsletter. Click here to subscribe.
About the Author
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.