February 21, 2001, 4:11 PM — Last year was a watershed for the Internet. The number of users worldwide passed the 300 million mark. Whew! But that also means that the number of crooks on the Web surpassed 1 million.
The calculation is based on the U.S. Uniform Crime Reporting Statistics, which we have extrapolated to the world at large, so we're only talking about crooks whose vitae include arrest and conviction. Their crimes include forgery, embezzlement, fraud, vandalism and disposing of stolen goods. To reach that number of crooks, we assume that the ratio of criminals to law-abiding citizens is the same in the online world as in the off-line world. At this rate, there will be twice as many crooks on the Web in four years.
Appropriately, spending on hardware, software and services to make Web sites secure will also more than double, from $14 billion last year to $30 billion in 2004, according to IDC forecasters.
So everything should be all right, right?
Nope. Metcalfe's Law says a network's value grows by the square of the cost of adding users. So does the potential impact of an action with malicious intent. Crooks in the off-line world at most can mug only a small group of victims at a time; on the Net, it's as easy as spam pie. With Internet commerce expected to grow from $300 billion last year to almost 10 times that in 2004, I don't think we're spending anywhere near enough on security.
In an IDC survey last fall, 95% of IT managers at large and medium-size U.S. companies acknowledged that they had experienced some kind of "incident" in the past year, but mostly, that meant dealing with viruses like the Love Bug. Some 55% thought they had had an attempt at unauthorized use of their systems, applications or e-mail, but only 10% said such an event was detected after it occurred. Only 45% thought they had experienced unauthorized access to systems or information. And less than 30% encrypt any e-mail.
Given the highly publicized Web site problems at Yahoo, Microsoft, AOL and the World Economic Forum, I'm surprised that was the only mayhem detected in the survey. I allude to those crime statistics. How many crimes are committed for which there are no arrests and convictions? How many aren't reported or detected?
Make the following assumptions: