Despite enterprises' claims of increased corporate spending on computer security, results of a new survey reveal that cyber attacks and viruses continue to impact organizations with alarming frequency.
Almost half of the more than 2,500 organizations surveyed by Information Security magazine were hit by a Web server attack in 2001, nearly double the number hit in 2000. Viruses, worms, Trojans Horses, and other "malware" infected 90% of these organizations, even with antivirus protection in place in 88% of those surveyed.
The magazine's 2001 Information Security Industry Survey was was co-sponsored by TruSecure Corp. (Information Security's parent company) and Predictive Systems.
"The survey proves just how pervasive and serious attacks like Code Red and Nimda are," said Andy Briney, editor in chief of Information Security and lead analyst of the survey.
"Even 'security-aware' organizations are being attacked on all sides, both internally and externally," Briney added.
One cure for those hit by both Code Red and Nimda may be migration to a Web server other than IIS. An advisory issued by Gartner last month recommended that enterprises hit by both Code Red and Nimda begin investigating alternatives to the popular Microsoft product, such as moving Web applications to less-vulnerable Web server products.
Among other survey findings:
- Corporate funding for information security continued to grow overall, although the pace has slowed from that of recent years. Nearly one-third of surveyed enterprises froze security spending at some time in 2001 because of adverse economic conditions.
- While "insider" security incidents occurred far more frequently than "external" incidents, securing the network perimeter against internal attacks remains the top priority of corporate information security departments.
- Out of all of the developing technology markets, respondents are most interested in public key infrastructure, wireless, and enterprise security management solutions.
The fourth annual Information Security Industry Survey was conducted in late July and early August. It was completed by 2,545 information security managers, engineers, administrators, consultants, and analysts from financial services, healthcare, consulting, government, and other public and private industries.
The entire survey analysis and results can be viewed at http://www.infosecuritymag.com/articles/october01/images/survey.pdf. The survey is also available in the October issue of Information Security magazine.
This article was first published on ServerWatch, an internet.com site.