Security means not so perfect Despite investing in a variety of security technologies, enterprises continue to suffer network attacks at the hands of malware writers and inside operatives, according to an annual FBI report released today. Many security incidents continue to go unreported. The 2005 FBI Computer Crime Survey was taken by 2,066 organizations in Iowa, Nebraska, New York, and Texas late last spring, which survey organizers deemed a good sample of enterprises nationwide. The report is designed to "gain an accurate understanding" of computer security incidents experienced "by the full spectrum of sizes and types of organizations within the United States," the FBI said. The 23-question survey addressed such issues as the computer security technologies enterprises use, what kinds of security incidents they've suffered and what actions they've taken. The survey is not the same as the CSI/FBI Computer Crime and Security Survey, which has been conducted for several years and has a somewhat different focus, method and restricted number of respondents, the FBI said. Among the findings: * Security software and hardware failed to prevent more than 5,000 incidents among those surveyed. Eighty-seven percent of respondents said they experienced some type of incident. * A common point of frustration among respondents came from the nonstop barrage of viruses, Trojans, worms and spyware. * Use of antivirus, antispyware, firewalls and antispam software is almost universal among those who responded. But the software apparently did little to stop malicious insiders. * Of the intrusion attempts coming from outside the organizations, the most common countries of origin included the United States, China, Nigeria, Germany, Russia and Romania. * New York had the lowest percentage of organizations experiencing unauthorized access, but it had the highest percentage of those experiencing insider abuse, laptop theft, telecom fraud, viruses and Web site defacement. Austin was home to the organizations most likely (more than 91%) to have at least one type of computer security incident. * Of those admitting they didn't alert the authorities after a security breach, about 700 respondents said there was no criminal activity, almost an identical number indicated the incident was too small to report and 329 (23%) thought law enforcement wouldn't be interested. Read the entire article here, http://www.crime-research.org/news/12.01.2006/1756/

HI Doug, Thanks for the update, sure appreciate it! God bless! Carla