Web Server Attacks Doubled in 2001

IT and computer security magazine Information Security this week released the findings of its 2001 Information Security Industry Survey. The survey was co-sponsored by TruSecure Corp. (Information Security’s parent company) and Predictive Systems.

Despite enterprises’ claims of increased corporate spending on computer security, survey results revealed that cyber attacks and viruses have continued to impact organizations with alarming frequency.

Almost half of the more than 2,500 organizations surveyed were hit by a Web server attack in 2001, nearly double the number hit in 2000. Viruses, worms, Trojan horses, and other “malware” infected 90 percent of these organizations, even with antivirus protection in place in 88 percent of those surveyed.

“The survey proves just how pervasive and serious attacks like Code Red and Nimda are,” said Andy Briney, editor in chief of Information Security and lead analyst of the survey.

“Even ‘security-aware’ organizations are being attacked on all sides, both internally and externally,” Briney added.

One cure for those hit by both Code Red and Nimda may be migration to a Web server other than IIS. An advisory issued by Gartner last month recommended that enterprises hit by both Code Red and Nimda begin investigating alternatives to the popular Microsoft product, such as moving Web applications to less-vulnerable Web server products.

Among other survey findings:

  • Corporate funding for information security continued to grow overall, although the pace has slowed from that of recent years. Nearly one-third of surveyed enterprises froze security spending at some time in 2001 because of adverse economic conditions.
  • While “insider” security incidents occurred far more frequently than “external” incidents, securing the network perimeter against internal attacks remains the top priority of corporate information security departments.
  • Of all the developing technology markets, respondents are most interested in public key infrastructure, wireless, and enterprise security management solutions.

The fourth annual Information Security Industry Survey was conducted in late July and early August. It was completed by 2,545 information security managers, engineers, administrators, consultants, and analysts from financial services, healthcare, consulting, government, and other public and private industries.

The entire survey analysis and results can be viewed at http://www.infosecuritymag.com/articles/october01/images/survey.pdf. The survey is also available in the October issue of Information Security magazine.

Editor’s note: This story first appreared on ServerWatch, an internet.com site.