Phoenix Technologies has announced the findings of a landmark study on Department of Justice network crime prosecutions that reveals most attacks used stolen IDs and passwords, resulting in far greater damages to affected organizations than previously thought: up to $10 million per occurrence and on average more than $1.5 million per occurrence.
The report, “Network Attacks: Analysis of Department of Justice Prosecutions 1999-2006,” concludes that 84 percent of attacks could have been prevented if, in addition to checking the user ID and password, the organization had verified the identity of the computer connecting to their networks and accounts.
Previous studies on the financial damage of computer crimes used surveys of affected organizations, leading to often-questionable data and conclusions about such crimes. This new study conducted by research and advisory firm Trusted Strategies analyzed data validated by the legal process of all cases prosecuted and publicly disclosed by the Department of Justice between March 1999 and February 2006.
The report concludes, “Network attacks could have been prevented in 84 percent of all cases if the organization had implemented device identification and authentication in addition to user ID and password protections. In other words, only requiring user IDs and passwords for network access to high-value information assets should no longer be considered adequate network security.”