Institute of Internal Auditors, Inc., Internal Auditor

February 1, 2000

INSIDERS INFILTRATE CORPORATE COMPUTERS

    Loss of corporate proprietary information due to computer theft has risen dramatically over the last three years. A new study on cyber security reports that financial losses stemming from computer crime exceeded $42 million in 1999, an increase of more than 100 percent from 1997. 

    The study, conducted by Michael G. Kessler & Associates Ltd., shows that "inside" hacking by disgruntled employees who steal confidential information and trade secrets accounts for more than one third of corporate computer infiltration. Other perpetrators include outside hackers, other U.S. companies, and foreign corporations and governments. 

      "There must be heightened awareness of the growing number and variety of computer security breaches that can weaken a company's balance sheet," says Michael Kessler. He also warns, "Internet invasions increase with growing computer and Internet popularity. Code can be cracked; systems will be sabotaged. Hacking is a reality, and CEOs who have turned a deaf ear to its existence will be shocked when it happens to their allegedly failsafe network." Kessler advises corporations to implement computer forensics measures and Internet monitoring to help prevent the loss of intellectual property. 

    A separate survey, jointly conducted by the Computer Sciences Institute (OSI) and the Federal Bureau of Investigation (FBI), mirrors Kessler's findings. The CSI/FBI survey indicates that financial losses among 163 respondents--including U.S. corporations, government agencies, and universities--totaled $124 million. More than half of the respondents also reported unauthorized computer access by insiders. 

    According to Richard Power, editorial director of CSI, "It is clear that computer crime and other information security breaches pose a growing threat to U.S. economic competitiveness and the rule of law in cyberspace. It is also clear that the financial cost is tangible and alarming." 

    The growing concern over threats to technology infrastructure has led the U.S. Justice Department to form the Computer Crime and Intellectual Property section, which is entirely devoted to cyber crime issues. In addition, President Clinton recently announced that he is seeking a $280 million increase in government spending on computer security. A key advisor indicated that cyber-terrorism is expected to be one of the top threats to U.S. security in the new century.