Cyberattacks are not only coming from diverse parts of the world, but, compared to years past, they are hitting their targets more and more frequently these days.
Still, while awareness about infosecurity and physical safety is up, many corporations are still slow in doing something about it, according to analysts.
Riptech, Inc., a managed security services provider, released an Internet Security Threat Report that followed attack trends for the last two quarters of 2001. On behalf of its clients, it investigated some 130,000 attacks after analyzing over 5.5 billion firewall logs and IDS alerts. Taking a sample of 300 companies from its client base, Riptech determines in the report that "attack activity is severe, diverse and steadily increasing." About 70 percent of the cyberassaults on its sample set of clients originate from the U.S., South Korea, China, Germany, France, Canada, Taiwan, Italy, Great Britain and Japan - the top ten attack sources, the report shows.
"Adjusting for the number of Internet users in each country revealed several interesting findings:
- Despite showing only a modest overall number of attacks, the intensity of attacks from Israel is nearly double the attack intensity rate of any other individual country.
- Five of the top ten attacking countries are located in the Pacific Rim; these include Hong Kong, South Korea, Thailand, Taiwan and Malaysia.
- South Korea, France and Taiwan rated high on both the total attack and attack intensity scale.
- Despite the overwhelming number of attacks originating from the United States, the U.S. has a relatively low rate of attack intensity (averaging only 3.5 attacks per 10,000 Internet users)."
Riptech suggests in its report that some of the differences among countries' attack rates may have to do with distinctions surrounding computer crime legislation and levels of infosecurity awareness, the possibility of state-sponsored cyberespionage and other cultural, political or social factors.
"The findings presented in Riptech's Internet Threat Report reveal that the external threat is diverse, growing and significant. The findings also suggest that the external threat is perhaps even more severe than is indicated by several recent studies on Internet security," concludes Riptech in its analysis. "Furthermore, the fact that the Internet security threat rate appears to be substantially higher for the financial services, high tech, and power and energy industries, provides an opportunity for IT and risk management executives in these industries to review their security postures in light of these findings."
Yet, according to a survey conducted by Booz Allen Hamilton, a management consulting firm in the U.S., CEOs of Fortune 1000 companies in that country are not of the mind that corporate security of any kind is any more important than it has been. The survey, which questioned CEOs on whether or not they believe corporate security to be more important in light of Sept. 11, found that most executives "have heightened security concerns," but believe they will be able to continue their services for customers in the U.S. and other parts of the world.
"Although CEO awareness of security issues has risen overall, we are concerned that a surprising number of chief executives don't feel a heightened sense of urgency about security," says vice president of Booz Allen Mark Gerencser. "Tightening up operating procedures is not enough to adapt to future threats - security has to be internalized at the CEO level. Corporate security is now a strategic issue that no longer can be delegated."
In 2001 alone, the Computer Emergency Response Team (CERT) showed that 52,658 infosecurity incidents were reported. This figure reached only 21,756 in 2000. Computer security vulnerabilities were up in 2001, too, with 2,437 being reported as compared to only 1,090 being logged in 2000.
These and other findings show that the reach of the Internet is not only enabling organizations to streamline their business practices, better their work flow and find new ways to increase profits; they also make clear that the Internet has become an even more interesting and valuable tool for crackers. With a few simple keystrokes and the click of a mouse, cybercriminals can send their toxins to any unprotected company or individual they wish. They can sneak into networks to thieve information or money. They can plant trojans for recognizance activities or sign on slave computers to lay in wait for when they want to launch an effective and devastating distributed denial-of-service (DDoS) attack.
In the Feb. 4 edition of SecureAgent Software's Secure eNewsletter, it is reported that the World Wide Web is getting attacked more than ever because of increasing vulnerabilities. Michael Vatis, former director of the FBI's National Infrastructure Protection Center, is reported as saying that the rate of the Internet's vulnerabilities is far outgrowing the security protections being put in place by the organizations who sign on every day to benefit from the web. While it is noted that some of the increase in the attack count can be attributed to a better awareness of the threats and increased reporting of them, a greater part is due to more sophisticated hacking tools and multi-pronged attacks.
Sure, company executives are voicing their awareness and some are even throwing dollars at decreasing their risks, but there is still a giant cluster of more companies that attempt to skate by with the barest of protections. It is time for organizations to make a concerted effort to strengthen their networks to ward off attacks. Without organizations accessing the Net working together and with government entities to find more sophisticated ways to secure their information on the web, crackers will still be in the lead.
Riptech notes that its report should bring home the fact that the "Internet security threat is real, pervasive and perhaps more severe than previously anticipated. Stakeholders of Internet-connected organizations should ensure that appropriate measures have been taken to address this increasing threat rate."
Knowing these facts, organizations must make real moves to secure their networks and the information contained on them. Finding the dollars, hiring the help, making and enforcing the policies, and then following up with a layering of security tools, may seem like a chore that can be put on the backburner for a while longer; however, the threats and attacks are not abating. Not only is the company with the minimalist infosecurity approach at risk - all the organizations that are connected to it via the Internet are just as vulnerable without appropriate security.
Illena Armstrong is U.S. editor of SC Magazine.