Australians gather data on attacks Computer Security Alert Number 178, Jan 1998 The Office of Strategic Crime Assessments (OSCA) in Canberra, Australia and the Victoria Police Computer Crime Investigation Squad recently released the results of their own "1997 Computer Crime and Security Survey." With our cooperation, they built their survey around the questions used in the CSI/FBI "Computer Crime and Security Survey." The data from down under is interesting, and reveals many of the same patterns as the CSI/FBI survey - for example, a lack of willingness to report computer crimes to law enforcement. Only 19% of the Australians respondents had, compared to 17% in both the 1996 and 1997 CSI/FBI surveys. Thirty-seven per cent of the Australian respondents confirmed "unauthorized use of computer systems within the last 12 months," but 17% of respondents answered "don't know." As in the CSI/FBI 1996 and 1997 studies, "disgruntled employees" and "hackers" were considered the greatest threats, but considerably less concern was shown about competitors as likely sources of attack than in our study of U.S. organizations - the Australians' concern over competitors will likely increase as the global economy gets fiercer and its implications become clearer to them. The data on financial losses due to computer misuse was particularly interesting, although inconclusive. Seventy-seven per cent estimated total costs at under $10,000. But a follow-up study with selected respondents identified that IT managers were not necessarily in the best position to estimate the full cost of computer abuse. "One bank estimated the total cost of computer misuse for the past twelve months at less than $10,000. However, the compliance and fraud control office at the organization felt that a 'figure in excess of $500,000 would be more realistic.' Similarly, in follow-up discussions, a communications company and a university both estimated their real cost of computer abuse to be close to $1 million for the calendar year."