Under Attack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
11:25 AM

Under Attack

Businesses are suffering more downtime as the threat from viruses and worms continues to grow

There's bad news on the information-security front. Hackers and virus writers are gaining ground again. Despite more spending on security technology, attacks are up for the first time in three years and downtime has increased. Business-technology and security managers are growing increasingly frustrated with flawed software that leaves openings for worms and viruses and want software vendors held legally and financially liable for security vulnerabilities in their products.

Security breaches and malicious code are more of a threat this year than last year, according to 81% of the 7,000 business-technology and security professionals from more than 40 countries who participated in the InformationWeek Research 2004 Global Information Security Survey. "It's the sheer volume of virus and worm attacks" that has caused much of the damage, says Tamara Schwartz, applications manager for information services at logistics and package-delivery company United Parcel Service Inc.

The costs are high. Research firm Computer Economics calculates that viruses and worms cost $12.5 billion worldwide in 2003. The U.S. Department of Commerce's National Institute of Standards and Technology says software flaws each year cost the U.S. economy $59.6 billion, including the cost of attacks on flawed code.

ChartChartAs a result of the growing number of attacks, downtime is up. The number of companies worldwide that report downtime of four to eight hours because of attacks increased from 18% to 22% year over year. Those experiencing eight to 24 hours of downtime also rose from 18% to 22%. And the number of companies that say their systems were down for one to three days because of attacks increased from 7% in 2003 to 16% in 2004. More businesses are suffering. In 1998, 50% of those surveyed reported no attack-related downtime. This year, only 6% make such a claim.

"I don't think you can find a company, any company, that doesn't see a growing risk. Intrusions and incursions are up in every business," says C. Michael Armstrong, the former CEO of AT&T who's now chairman of the security task force of the Business Roundtable, an association of U.S. CEOs, and a director for Comcast Corp., a cable TV and Internet service provider.

The problem is getting worse as the bad guys find more ways to infiltrate business-technology systems. As more businesses deploy peer-to-peer networks, instant messaging, wireless local area networks, and extended supply chains and provide an increasingly dispersed workforce with more mobile devices and ways to access systems remotely, there are more avenues than ever for hackers, worms, and viruses to penetrate computer systems and networks. "It's insane," says Randy Oehrle, network administrator for the city of Overland Park, Kan.

That helps explain plans to boost spending on security. Currently, survey respondents spend an average of 12% of their IT budgets on security, up from 8% in 2002, and roughly 60% plan to spend more dollars on security in the year ahead. Just 5% plan to decrease security spending.

Two major problems, according to survey respondents and interviews with more than a dozen security professionals, are flawed software applications and weak security tools.

The Business Roundtable, whose 150 members include General Motors, 3M, and Xerox, earlier this year called on the builders, buyers, and users of technology to focus more on security. The group, however, said the software industry had a special responsibility. Software vendors "have been strengthening their testing and they have escalated this as a priority," Armstrong says. Still, he doesn't believe that "the software providers are doing as much as they should be doing."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 5
Comment  | 
Print  | 
More Insights
Augmented Analytics Drives Next Wave of AI, Machine Learning, BI
Jessica Davis, Senior Editor, Enterprise Apps,  3/19/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Flash Poll