The Internet is an increasingly dangerous place for companies with cyberattacks up 28 percent for the first half of 2002 over the last half of 2001, according to a new report released Monday by security services company Riptech Inc.
The Riptech Internet Security Threat Report tracked security data from the firewalls and intrusion detection systems of over 400 companies in over 30 countries from January 1 to June 30. Seventy-four percent of the companies in the study have fewer than 1,000 employees, with 14 percent carrying more than 5,000 workers.
The companies that were monitored experienced an average of 32 attacks per week in the period, up from 25 in the previous period, according to the company.
The seventh annual Computer Crime and Security Survey conducted by the Computer Security Institute and the U.S. Federal Bureau of Investigation last year found that 90 percent of responding companies had faced a cyberattack in 2001. Companies involved in critical infrastructure work, such as power and energy companies, were bigger targets for attackers, with 70 percent of such companies undergoing a severe attack in the six-month period, up from 57 percent facing such a threat in 2001, Riptech said. Overall, public companies were nearly twice as prone to attack as private companies, non-profit groups and government agencies, the study found.
"Virtually all statistics indicate that Internet attack activity remains intense, pervasive and potentially severe," the study said.
Despite that severity, Riptech found that the range of attacks used was fairly narrow. Ninety-nine percent of attacks focused on just 20 services, including HTTP (Hyptertext Transfer Protocol), FTP (File Transfer Protocol) and Telnet.
"Unprotected organizations do face a significant potential of risk," said Elad Yoran, executive vice president and co-founder of Riptech, which is located in Alexandria, Virginia.
All the news wasn't bad, however, as Riptech also found that "companies may be achieving some level of success in defending against Internet attacks," according to the report.
The company came to this conclusion as the number of companies suffering severe attacks over the last six months was down by nearly half -- to 23 percent -- over the last six months of 2001.
In order to better protect themselves, companies should combine the use of security hardware, such as firewalls and intrusion detection systems, with realtime security monitoring, a service Riptech offers, Yoran said. Other companies, such as TruSecure Corp., SecurityFocus Inc. and Counterpane Internet Security Inc. also offer monitoring services.
Companies also need to devote more time to training their employees about good computer security, he added.
Additionally, data collected by Riptech found that little attack traffic is being sent from countries listed by the U.S. State Department as supporters of terrorism or cyberterrorism. Less than one percent of the total attack traffic seen over the period came from countries on the State Dept.'s cyberterrorism watch list, the company said. Of that one percent, 84 percent of the traffic came from Iran, Pakistan, Egypt, Indonesia, Kuwait.
Countries identified by the U.S. government as supporters of terrorism -- Iraq, Syria, North Korea and Libya -- were not found to be the source of any attacks for the first half of the year, though that could be due to different attack techniques and an inability to get data on such attacks, the company said.
"We've not seen any credible evidence of cyberterrorism taking place from those countries," Yoran said. This doesn't mean that attacks aren't originating with these countries, however, as attackers inside those countries could be taking over PCs elsewhere and using those systems for attack, he said.
Despite the lack of current evidence, "we do believe there is a credible threat of cyberterrorism," he said.