[ISN] Businesses May Not Report Cyber Attacks

InfoSec News isn at c4i.org
Wed Aug 10 02:36:53 EDT 2005 

http://www.washingtonpost.com/wp-dyn/content/article/2005/08/09/AR2005080900907.html

By MARK SHERMAN
The Associated Press
August 9, 2005

WASHINGTON -- Most businesses do not report cyber attacks to law 
enforcement authorities, fearing the disclosure would harm their image 
and benefit rivals, FBI Director Robert Mueller said Tuesday.

This reluctance has become especially important at a time when 
identity theft is growing rapidly and terrorists are increasingly 
using the Internet, Mueller said in a speech to the InfraGard national 
conference, private companies that share security tips and expertise 
with the FBI.

"Today a command sent over a network to a power station's control 
computer could be just as deadly as a backpack full of explosives," 
Mueller said.

Business leaders last month announced an education campaign to better 
protect sensitive client information from hackers and other thieves, 
after a string of high-profile data thefts and losses.

In June, CardSystems Solutions Inc. disclosed that a breach of its 
system that processes transactions between merchants and credit card 
issuers exposed 40 million accounts to possible fraud.

Mueller's comments were based on an annual survey conducted by the FBI 
and the private Computer Security Institute that found just 20 percent 
of businesses reported computer intrusions last year, a figure that 
has held steady for several years.

The reasons cited most often for keeping the incidents quiet were loss 
of business to competitors and potential damage to a company's image 
among consumers.

Mueller said he understood those concerns and promised the FBI would 
be more sensitive in responding to computer hackings. "We also 
recognize that putting on raid jackets and rushing in may not be the 
best answer in situations such as those," he said.

Businesses must overcome those fears, he said, and be more forthcoming 
in reporting computer hacking to authorities. "Maintaining a code of 
silence will not benefit you or your company in the long run," he 
said. "We cannot investigate if we are not aware of the problem."

-=-

On the Net:

Computer Security Institute: http://www.gocsi.com/
InfraGard: http://www.infragard.net/index.htm

More information about the ISN mailing list