- The internet is an increasingly dangerous place for companies with cyberattacks up 28% for the first half of 2002 over the last half of 2001, according to a new report released this week by security services company Riptech.
The Riptech Internet Security Threat Report tracked security data from the firewalls and intrusion detection systems of over 400 companies in over 30 countries from January 1 to June 30. Seventy-four percent of the companies in the study have fewer than 1000 employees, with 14% carrying more than 5,000 workers.
The companies that were monitored experienced an average of 32 attacks per week in the period, up from 25 in the previous period, according to the company.
The seventh annual Computer Crime and Security Survey conducted by the Computer Security Institute and the US Federal Bureau of Investigation last year found that 90% of responding companies had faced a cyberattack in 2001.
Companies involved in critical infrastructure work, such as power and energy companies, were bigger targets for attackers, with 70% of such companies undergoing a severe attack in the six-month period, up from 57% facing such a threat in 2001, Riptech says. Overall, public companies were nearly twice as prone to attack as private companies, non-profit groups and government agencies, the study found.
"Virtually all statistics indicate that internet attack activity remains intense, pervasive and potentially severe," the study says.
Despite that severity, Riptech found that the range of attacks used was fairly narrow. Ninety-nine percent of attacks focused on just 20 services, including HTTP (Hyptertext Transfer Protocol), FTP (File Transfer Protocol) and Telnet.
"Unprotected organisations do face a significant potential of risk," says Elad Yoran, executive vice president and co-founder of Riptech, which is located in Alexandria, Virginia.
All the news wasn't bad, however, as Riptech also found that "companies may be achieving some level of success in defending against internet attacks," according to the report.
The company came to this conclusion as the number of companies suffering severe attacks over the last six months was down by nearly half -- to 23% -- over the last six months of 2001.
In order to better protect themselves, companies should combine the use of security hardware, such as firewalls and intrusion detection systems, with realtime security monitoring, a service Riptech offers, Yoran says. Other companies, such as TruSecure, SecurityFocus and Counterpane Internet Security also offer monitoring services.
Companies also need to devote more time to training their employees about good computer security, he adds.
Additionally, data collected by Riptech found that little attack traffic is being sent from countries listed by the US State Department as supporters of terrorism or cyberterrorism. Less than 1% of the total attack traffic seen over the period came from countries on the State Deparment's cyberterrorism watch list, the company says. Of that 1%, 84% of the traffic came from Iran, Pakistan, Egypt, Indonesia, Kuwait.
Countries identified by the US government as supporters of terrorism -- Iraq, Syria, North Korea and Libya -- were not found to be the source of any attacks for the first half of the year, though that could be due to different attack techniques and an inability to get data on such attacks, the company says.
"We've not seen any credible evidence of cyberterrorism taking place from those countries," Yoran says. This doesn't mean that attacks aren't originating with these countries, however, as attackers inside those countries could be taking over PCs elsewhere and using those systems for attack, he says.
Despite the lack of current evidence, "we do believe there is a credible threat of cyberterrorism," he says.