Security incidents soar by 84%, says report

The number of computer security incidents and attacks detected at businesses worldwide has soared by 84% between the fourth...

The number of computer security incidents and attacks detected at businesses worldwide has soared by 84% between the fourth quarter of 2002 and the first quarter of 2003, fuelled by a surge in the number of mass-mailing worms, according to Internet Security Systems.

"What we're seeing out there is a lot more folks being extremely active and a lot more malicious behaviour," said Pete Allor, manager of ISS's X-Force threat analysis Sservices division.

"We've also seen a corresponding high degree of website defacements."

The large increase in worms and other security-related incidents point to a challenging year ahead for IT security staff. The tally includes relatively minor activities, such as scanning corporate networks for vulnerabilities, and more serious events such as the Slammer worm, which emerged in January. According to some experts, this was the fastest spreading worm yet.

The number of worms and hybrid threats between 1 January and 31 March totalled 752, compared with 101 in the fourth quarter of last year, the report found.

X-Force also noted an increase in the number of "zero day" attacks, in which hackers attack a software vulnerability that is not yet known about by suppliers.

Faced with such an abundance of activity, businesses can help themselves by focusing on the security threats that pose the most risk to them, Allor said.

"When you have almost 300 issues a month coming out, the important part is, how do you focus on the ones that are significant to you?" he said.

The severity ratings assigned by IT suppliers are only one factor to consider when determining how to respond to a threat. Businesses should also look at where the affected system resides in the network, what level of risk they are prepared to tolerate for that system, and how well the system is protected by firewalls and other technologies.

The report tracked 20 industry sectors over the quarter and found that retail businesses were attacked the most, accounting for 35% of attacks, financial services accounted for 11.5%, healthcare and manufacturing 9% each, and federal and local government accounted for 1%.

The frequency of attacks on an industry may reflect several factors, including the proportion of money spent by the IT industry on security and how successful hackers have been in the past at targeting a particular sector.

XForce's Internet Risk Impact Summary (IRIS) report draws information from more than 400 network and server-based intrusion detection sensors located at businesses on four continents and spanning all major industries.

Among the other findings:

  • of all the events reported by businesses in the quarter, the top categories were "suspicious activities", which includes scanning networks for vulnerabilities and accounted for 73.5% of total events, and unauthorised access attempts, which accounted for 11%.
  • 26% of security events occurred over weekends in the first quarter of 2003, and most events occurred on a Friday.  The Slammer worm began its propagation on Saturday 25 January.

Allor said it was hard to determine if the number of malicious hackers at work is increasing, but estimated that there were more than three million in the US.

Read more on IT risk management