When it comes to defending their computer networks against unwanted attacks, corporate America is getting smarter and more aggressive. But so are the criminals mounting those cyber attacks.
According to two new surveys, the threat to corporate computer systems from worms, viruses and cyber-borne attacks is getting worse, despite stronger corporate defenses. The data show that while corporate America isn’t losing the war against computer hackers, it certainly isn’t winning it.
A recent study by security software provider Symantec found the number of so-called “phishing” attacks — when individuals try to fraudulently obtain passwords and sensitive personal information through official-looking e-mail messages — soared more than 260 percent in the second half of 2004. And virus and worm attacks against Windows-based computers jumped more than 300 percent. The number one target for these attacks: financial institutions.
Another survey, this time of 229 mid-size and large companies conducted in January by Mazu Networks, a network security firm, found that 47 percent had networks compromised by a self-propagating worm in the last year.
“When we’re looking at the broader picture of phishing, fraud, spyware, viruses and worms, it really does impact everybody equally, from a home user all the way up to the large enterprise,” said Vincent Weafer of Symantec’s security-response team.
Weafer notes that many cyber attacks are now trying to bypass the traditional defenses inside a company, and so while a company’s peripheral defenses are improving, cyber attackers are working on attacking through individual PCs, or through a browser — avenues of attack that are more difficult to protect against according to Weafer.
Security flaws in Microsoft’s Internet Explorer are partly responsible for the rise in cyber attacks. And companies that rely heavily on mobile computing, like wireless devices and off-site contractors, are becoming more vulnerable to computer break-ins, security experts say.
(MSNBC is a Microsoft-NBC joint venture.)
Network connectivity now a requirement at most businesses, and so companies are opening up their networks to improve efficiency and performance says Paul Brady, president and COO at Mazu Networks. “What that really means is more people have access to [a company’s] internal network,” he added.
While security continues to get top priority in most corporate software spending budgets, shares of every one of the major computer security firms are down since the beginning of the year, reflecting the general weakness in the overall technology sector and some concern that Microsoft may soon jump into the Internet security business and flex its 800-pound gorilla muscles.
Still, over the past 12 months shares of most of the companies in the Internet security sector have posted double-digit gains.
Meanwhile, cyber attacks continue to evolve and migrate to wireless and handheld devices. Last June, for example, the first cell phone worm was found. Today, there are more than 20.