Costs to agencies escalate as computer misuse increases

More than half of federal agencies recently surveyed have been victims of unauthorized use of computer systems, with agencies' financial losses rising by more than 3,000 percent over last year, according to a new report being issued today.

The study, conducted jointly by the San Francisco-based Computer Security Institute and the FBI, covers reports of attacks by outside users, insider abuse, system penetration, denial-of-service attacks, viruses and laptop theft, among others. Last year agencies reported $1.5 million in losses from unauthorized use, compared with this year's total of $52 million, according to the study.

Of 57 federal agency respondents, 61 percent reported that they had experienced unauthorized computer system use in the past 12 months. In addition, more than 18 percent reported that they did not know if unauthorized use had occurred.

The combined financial losses reported by 520 federal government agencies, universities, corporations and financial institutions as part of the study topped $136 million.

Total reported losses from all sectors increased 36 percent compared with last year. Most of the federal agency respondents reported that the Internet was the most frequent point of attack.

Federal agencies believe foreign governments, hackers and disgruntled employees are the most likely sources of computer system abuse, according to the study. Of 45 agency respondents, 58 percent cited foreign governments as likely sources of attack.

While agencies reported the use of various types of security technologies—- such as access control, encryption, anti-virus software, firewalls and intrusion protection—- 41 percent of 48 respondents reported that their agencies did not have a written policy for network intrusions.