Australians gather data on attacks
Computer Security Alert
Number 178, Jan 1998

   The Office of Strategic Crime Assessments (OSCA) in Canberra, Australia
and the Victoria Police Computer Crime Investigation Squad recently
released the results of their own "1997 Computer Crime and Security
Survey." With our cooperation, they built their survey around the
questions used in the CSI/FBI "Computer Crime and Security Survey."
   The data from down under is interesting, and reveals many of the same
patterns as the CSI/FBI survey - for example, a lack of willingness to
report computer crimes to law enforcement. Only 19% of the Australians
respondents had, compared to 17% in both the 1996 and 1997 CSI/FBI
   Thirty-seven per cent of the Australian respondents confirmed
"unauthorized use of computer systems within the last 12 months," but 17%
of respondents answered "don't know."
   As in the CSI/FBI 1996 and 1997 studies, "disgruntled employees" and
"hackers" were considered the greatest threats, but considerably less
concern was shown about competitors as likely sources of attack than in
our study of U.S. organizations - the Australians' concern over
competitors will likely increase as the global economy gets fiercer and
its implications become clearer to them.
   The data on financial losses due to computer misuse was particularly
interesting, although inconclusive. Seventy-seven per cent estimated total
costs at under $10,000. But a follow-up study with selected respondents
identified that IT managers were not necessarily in the best position to
estimate the full cost of computer abuse.
   "One bank estimated the total cost of computer misuse for the past
twelve months at less than $10,000. However, the compliance and fraud
control office at the organization felt that a 'figure in excess of
$500,000 would be more realistic.' Similarly, in follow-up discussions, a
communications company and a university both estimated their real cost of
computer abuse to be close to $1 million for the calendar year."