Despite intensive reporting of the recent Yahoo and EBay attacks, many businesses and public agencies are complacent about such cyber-crimes, said John Pescatore, an analyst with GartnerGroup in Stamford, Conn. Executives tend to lose sight of the need for vigilance against more serious cyber-crimes, such as theft of corporate data or consumer credit card numbers, he said.
And the open nature of the Internet suggests that security problems could increase over time, some experts say. One reason is that many Internet servers--the powerful computers that operate Web sites--must be placed outside security firewalls to be accessible to retail customers.
The rapid churn of new Net technology also opens channels for cyber-crime. "People change their Web services constantly," such as adding new servers or interactive features, Pescatore said. "It is impossible for any corporate security group to keep up with these changes."
He estimates that as many as 75% of Web servers are vulnerable to hacking attacks.
The Federal Bureau of Investigation assisted in the development of the Computer Security Institute survey questionnaire. The FBI faces widespread distrust in the high-tech industry, which doubts the agency's competence. These executives also fear that an investigation of a successful hacking attack could scare away potential customers.
Perhaps because of those reasons, only one in four surveyed reported computer crimes to law enforcement in 1999, down from 32% in 1998. The low reporting rate "is a concern," said George Grotz, an FBI spokesman.
The FBI has previously acknowledged that it lacks sufficient expert staff to handle its surging computer crime caseload.
Grotz said of February's Web site attacks: "No credible suspects have been developed at this point."
