Under Attack - InformationWeek
Software // Enterprise Applications
11:25 AM

Under Attack

Businesses are suffering more downtime as the threat from viruses and worms continues to grow

There's bad news on the information-security front. Hackers and virus writers are gaining ground again. Despite more spending on security technology, attacks are up for the first time in three years and downtime has increased. Business-technology and security managers are growing increasingly frustrated with flawed software that leaves openings for worms and viruses and want software vendors held legally and financially liable for security vulnerabilities in their products.

Security breaches and malicious code are more of a threat this year than last year, according to 81% of the 7,000 business-technology and security professionals from more than 40 countries who participated in the InformationWeek Research 2004 Global Information Security Survey. "It's the sheer volume of virus and worm attacks" that has caused much of the damage, says Tamara Schwartz, applications manager for information services at logistics and package-delivery company United Parcel Service Inc.

The costs are high. Research firm Computer Economics calculates that viruses and worms cost $12.5 billion worldwide in 2003. The U.S. Department of Commerce's National Institute of Standards and Technology says software flaws each year cost the U.S. economy $59.6 billion, including the cost of attacks on flawed code.

ChartChartAs a result of the growing number of attacks, downtime is up. The number of companies worldwide that report downtime of four to eight hours because of attacks increased from 18% to 22% year over year. Those experiencing eight to 24 hours of downtime also rose from 18% to 22%. And the number of companies that say their systems were down for one to three days because of attacks increased from 7% in 2003 to 16% in 2004. More businesses are suffering. In 1998, 50% of those surveyed reported no attack-related downtime. This year, only 6% make such a claim.

"I don't think you can find a company, any company, that doesn't see a growing risk. Intrusions and incursions are up in every business," says C. Michael Armstrong, the former CEO of AT&T who's now chairman of the security task force of the Business Roundtable, an association of U.S. CEOs, and a director for Comcast Corp., a cable TV and Internet service provider.

The problem is getting worse as the bad guys find more ways to infiltrate business-technology systems. As more businesses deploy peer-to-peer networks, instant messaging, wireless local area networks, and extended supply chains and provide an increasingly dispersed workforce with more mobile devices and ways to access systems remotely, there are more avenues than ever for hackers, worms, and viruses to penetrate computer systems and networks. "It's insane," says Randy Oehrle, network administrator for the city of Overland Park, Kan.

That helps explain plans to boost spending on security. Currently, survey respondents spend an average of 12% of their IT budgets on security, up from 8% in 2002, and roughly 60% plan to spend more dollars on security in the year ahead. Just 5% plan to decrease security spending.

Two major problems, according to survey respondents and interviews with more than a dozen security professionals, are flawed software applications and weak security tools.

The Business Roundtable, whose 150 members include General Motors, 3M, and Xerox, earlier this year called on the builders, buyers, and users of technology to focus more on security. The group, however, said the software industry had a special responsibility. Software vendors "have been strengthening their testing and they have escalated this as a priority," Armstrong says. Still, he doesn't believe that "the software providers are doing as much as they should be doing."

1 of 5
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll