No computer connected to a network is completely safe. Any computer that communicates with another, even occasionally, can fall victim to the threats that race around our interconnected world. Hackers live in any country. And the worms and viruses with the cute names--Code Red, Blaster, Nimba, Slammer, Sobig--don't recognize national borders. "There's no difference between the Blaster that hits Europe or the United States," says Gene Fredriksen, VP of information security at financial-services firm Raymond James & Associates, which has offices in several foreign countries. "We all swim in the same pool."
Cultures may differ and languages may vary, but the security threats IT systems around the world face are pretty much the same, according to the InformationWeek 2003 Global Information Security Survey of 2,500 business-technology and security professionals. And the tactics used to fend off those threats are similar the world over.
First the good news. In the 12 months ending in July, virus, worm, and Trojan-horse attacks hit 45% of sites surveyed, down dramatically from 66% in the same period two years ago. Those kinds of attacks occurred more often in South America (55%) and the Asia-Pacific region (49%) than in North America (46%) and Europe (41%). About 15% of sites surveyed suffered denial-of-service attacks, the same as in 2001, but more businesses in Asia-Pacific (19%) and North America (19%) experienced such attacks than companies in South America (14%) or Europe (11%).
As businesses are repeatedly hit by viruses, worms, and denial-of-service attacks that travel over the Internet, it's no surprise that security managers are paying more attention to external threats. Of the 1,255 sites reporting security breaches this year, 58% point the finger at hackers or terrorists (up from 42% in 2000) and 32% cite unauthorized users or employees (up from 22% in 2000). The number of survey respondents who suspect current or former employees declined slightly.
There are regional differences. Businesses in South America and the Asia-Pacific region, which have been getting hit harder by worms and viruses, plan to increase their security spending more than other regions. Some 53% of South American companies and 44% of Asia-Pacific companies say they'll boost their security spending, compared with 39% in North America and 30% in Europe. Only about 10% of companies in all regions say they'll spend less on security.
Most South American (71%), North American (68%), and Asia-Pacific (64%) businesses plan to improve operating-system security. Another top business priority is enhancing application security: South America, 74%; Asia-Pacific, 68%; North America, 63%.