Study: Internet attacks up 28% in 2002

The Internet is an increasingly dangerous place for companies, with cyberattacks up 28% for the first half of 2002 over the last half of 2001, according to a new report released Monday by security services company Riptech.

The Riptech Internet Security Threat Report tracked security data from the firewalls and intrusion detection systems of over 400 companies in over 30 countries from Jan. 1 to June 30. Seventy-four percent of the companies in the study have fewer than 1,000 employees, with 14% carrying more than 5,000 workers.

The companies that were monitored experienced an average of 32 attacks per week in the period, up from 25 in the previous period, according to the company.

The seventh annual Computer Crime and Security Survey conducted by the Computer Security Institute and the FBI last year found that 90% of responding companies had faced a cyberattack in 2001.

Companies involved in critical infrastructure work, such as power and energy companies, were bigger targets for attackers, with 70% of such companies undergoing a severe attack in the six-month period, up from 57% facing such a threat in 2001, Riptech said. Overall, public companies were nearly twice as prone to attack as private companies, nonprofit groups and government agencies, the study found.

"Virtually all statistics indicate that Internet attack activity remains intense, pervasive and potentially severe," the study said.

Despite that severity, Riptech found that the range of attacks used was fairly narrow. Ninety-nine percent of attacks focused on just 20 services, including HTTP, FTP and Telnet.

"Unprotected organizations do face a significant potential of risk," said Elad Yoran, executive vice president and co-founder of Riptech, which is located in Alexandria, Va.

All the news wasn't bad, however, as Riptech also found that "companies may be achieving some level of success in defending against Internet attacks," according to the report.

The company came to this conclusion as the number of companies suffering severe attacks over the last six months was down by nearly half - to 23% - over the last six months of 2001.

In order to better protect themselves, companies should combine the use of security hardware, such as firewalls and intrusion detection systems, with real-time security monitoring, a service Riptech offers, Yoran said. Other companies, such as TruSecure, SecurityFocus and Counterpane Internet Security also offer monitoring services.

Companies also need to devote more time to training their employees about good computer security, he added.

Additionally, data collected by Riptech found that little attack traffic is being sent from countries listed by the U.S. State Department as supporters of terrorism or cyberterrorism. Less than 1% of the total attack traffic seen over the period came from countries on the State Dept.'s cyberterrorism watch list, the company said. Of that 1%, 84% of the traffic came from Iran, Pakistan, Egypt, Indonesia and Kuwait.

Countries identified by the U.S. government as supporters of terrorism - Iraq, Syria, North Korea and Libya - were not found to be the source of any attacks for the first half of the year, though that could be due to different attack techniques and an inability to get data on such attacks, the company said.

The IDG News Service is a Network World affiliate.

RELATED LINKS