Cyber attacks double over the last year

Cyber vandalism is on the increase with attacks more than doubling over the last year. And according to the experts, nearly every company has been infected with viruses or worms despite having safeguards in place.

Research from security firm TruSecure found that half of all companies surveyed this year, which totalled more than 2500, have suffered attacks on their web servers. This figure is up from 24 per cent in 2000.

Almost 40 per cent have also suffered denial of service attacks in the last year, and over 30 per cent of public facing servers have been hit with buffer overflows.

But according to the Industry Security Survey 2001 the biggest danger by far in the last year has been virus, Trojan and worm type attacks. Almost 90 per cent of the respondents said that they had suffered infections despite having antivirus software installed.

While 60 per cent of companies said that employees had used computers for unauthorised or illegal purposes, and 78 per cent had installed unauthorised software, internal threats were less serious.

The majority, 58 per cent, were privilege abuses, but nine per cent of companies reported that employees had committed fraud. However, most of these figures were marginally down from last year.

A majority of IT managers believe that the more serious threats come from external attacks and that the main concern should be hardening the network perimeter, especially to defend against viruses.

But this won't be easy in a slow economy. Some 29 per cent expressed concerns over frozen budgets this year, although 54 per cent actually expected their budgets to increase.

Other major obstacles included user education, lack of policies and incompetent personnel. "In a layoff economy you are tempting fate with poor security. Company loyalty does not exist when companies do not reciprocate it," said one respondent.

But the biggest frustration seems to be the people at the top, and those holding the purse strings. One exasperated security administrator said: "If management could just understand how much it would affect our business if we're '0wn3d' [broken into and 'owned' by a hacker], I think the rest of the problems would be taken care of," he said.

"Although I talk about it, write reports about it and so on, and they nod their heads, the lack of financial and policy support for my security operations clearly shows that [management] doesn't really understand the nature of the problem," he added.