[ISN] Businesses May Not Report Cyber Attacks
isn at c4i.org
Wed Aug 10 02:36:53 EDT 2005
By MARK SHERMAN
The Associated Press
August 9, 2005
WASHINGTON -- Most businesses do not report cyber attacks to law
enforcement authorities, fearing the disclosure would harm their image
and benefit rivals, FBI Director Robert Mueller said Tuesday.
This reluctance has become especially important at a time when
identity theft is growing rapidly and terrorists are increasingly
using the Internet, Mueller said in a speech to the InfraGard national
conference, private companies that share security tips and expertise
with the FBI.
"Today a command sent over a network to a power station's control
computer could be just as deadly as a backpack full of explosives,"
Business leaders last month announced an education campaign to better
protect sensitive client information from hackers and other thieves,
after a string of high-profile data thefts and losses.
In June, CardSystems Solutions Inc. disclosed that a breach of its
system that processes transactions between merchants and credit card
issuers exposed 40 million accounts to possible fraud.
Mueller's comments were based on an annual survey conducted by the FBI
and the private Computer Security Institute that found just 20 percent
of businesses reported computer intrusions last year, a figure that
has held steady for several years.
The reasons cited most often for keeping the incidents quiet were loss
of business to competitors and potential damage to a company's image
Mueller said he understood those concerns and promised the FBI would
be more sensitive in responding to computer hackings. "We also
recognize that putting on raid jackets and rushing in may not be the
best answer in situations such as those," he said.
Businesses must overcome those fears, he said, and be more forthcoming
in reporting computer hacking to authorities. "Maintaining a code of
silence will not benefit you or your company in the long run," he
said. "We cannot investigate if we are not aware of the problem."
On the Net:
Computer Security Institute: http://www.gocsi.com/
More information about the ISN