Companies Experience Exponential Rise In Web Attacks: Survey - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure

Companies Experience Exponential Rise In Web Attacks: Survey

Businesses often ignore the fact that their Web sites are the weakest link in their security efforts.

The number of companies reporting Web-site attacks has skyrocketed in the past year, according to a survey released this week by the Computer Security Institute. The Computer Crime and Security survey, conducted in January by the institute and the computer-intrusion squad of the FBI's San Francisco office, found that 95% of respondents had experienced more than 10 Web-site incidents during 2004, up from 5% in 2003. Some 700 computer-security practitioners in U.S. companies, government agencies, medical institutions, and universities responded to the survey.

The huge increase is because companies recognize that their Web sites provide a gateway for thieves to steal data, experts say. "We're seeing a huge change in the numbers, not because these things weren't happening, but because people weren't aware that attackers could walk right through their front doors [Web sites] and steal information," says Erik Caso, VP of business development at NT Objectives Inc., an application security and software company.

Companies have invested heavily in firewalls, intrusion-detection systems, and other technologies to protect their networks, but have largely ignored the fact that public Web sites provide enough information to allow criminals to get at sensitive data. By simply manipulating URLs or cookies, hackers can gain entry to proprietary information without setting off any alarms. "Instead of trying to get past the firewall, they just sail through it by browsing the Web site," Caso says.

Firewalls and intrusion-detection systems are effective at preventing outsiders from accessing operating systems and E-mail servers, but they can't protect data from escaping once an authentication mechanism has been thwarted. If an intruder isn't being checked for authentication by a Web application, there's no way an intrusion-detection system can catch him until it's too late, says Ken Pfeil, chief security officer at Standard & Poor's Capital IQ unit, which provides market data and analytics software to financial companies. A detection system may note a number of failed login attempts, but it can't prevent a poorly designed application from being tricked into giving information, he says.

Capital IQ has noted an increase in such Web attacks but has designed its applications to prevent unauthorized access. "You need to have a strong application development process in order to catch exceptions," Pfeil says.

Clients of Capital IQ, such as investment banks, advisory firms, and law firms, store proprietary information on Capital IQ's systems and use its software to crank out numbers for mergers and acquisitions and other large financial deals. The worst-case scenario for Capital IQ would be someone obtaining access, either inadvertently or by design, to information about a rival firm's deal. In order to prevent that, Pfeil says, "we've treated security as a fundamental part of the software-development life cycle."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
News
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll