Survey: Web attacks doubled in past year

IDG News Service - Attacks on Web servers have doubled this year over last, and nearly 90% of companies surveyed have been infected with worms or viruses, despite having antivirus software installed, according to the Information Security Industry Survey, performed annually by Information Security magazine.

Information Security magazine, which is owned by Herndon, Va.-based security firm TruSecure Corp., conducted the survey from late July to early August and received responses from 2,545 information security workers. Nearly 50% of the companies surveyed experienced attacks against their Web servers from external sources this year, up from 24% last year, the study found. Nearly 90% were hit with worms, viruses or Trojan horses; almost 40% suffered denial-of-service attacks; and a third faced buffer overflow attacks, the survey found.

Security threats from those inside companies were more varied and frequent, but somewhat less serious, the study found. Seventy-eight percent of respondents said that company employees had installed or used unauthorized software, and 60% said employees used company computers for unauthorized or illegal purposes. Fewer than 60% of companies reported internal hacking incidents, while 58% cited abuse of access controls; 22% said employees had engaged in electronic theft, sabotage or leaks; and 9% said computers were used for fraud. All numbers were down from last year.

Malicious code, privacy and confidentiality issues and protection against exploits (automated attack tools and methods of attack security vulnerabilities) topped the list of issues of concern for 2001-02, respondents said.

Despite these concerns and the findings that internal threats are more common than external, the top security projects slated for 2001-02 involve strengthening the network perimeter to prevent external attacks, ensuring the security and availability of Web sites and adding security for messaging and remote workers, the study found.

Those projects may not be easily attained, however, as survey respondents reported a number of obstacles to providing better security. Chief among them are budgetary concerns. Fifty-four percent of those surveyed expect their security budgets to increase in 2001-02, the same percentage that felt that way in 2000-01. Twenty-nine percent, however, said their budgets for 2001 have been frozen due to the economy.

Other barriers to good security include a lack of employee or end-user training, a lack of support from management and the inability to find competent computer security staff, the study found.

Related stories:

• Brief: Lufthansa fights off denial-of-service attack, June 20, 2001



• Attack takes CERT off the Web, May 24, 2001



• Investigators seek clues to White House Web site attack, May 7, 2001



• Update: Microsoft Web sites hit by denial-of-service attack, Jan. 25, 2001

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.