Web Server Attacks Doubled in 2001

By Amy Newman

(Back to article)

IT and computer security magazine Information Security this week released the findings of its 2001 Information Security Industry Survey. The survey was co-sponsored by TruSecure Corp. (Information Security's parent company) and Predictive Systems.

Despite enterprises' claims of increased corporate spending on computer security, survey results revealed that cyber attacks and viruses have continued to impact organizations with alarming frequency.

Almost half of the more than 2,500 organizations surveyed were hit by a Web server attack in 2001, nearly double the number hit in 2000. Viruses, worms, Trojans Horses, and other "malware" infected 90 percent of these organizations, even with antivirus protection in place in 88 percent of those surveyed.

"The survey proves just how pervasive and serious attacks like Code Red and Nimda are," said Andy Briney, editor in chief of Information Security and lead analyst of the survey.

"Even 'security-aware' organizations are being attacked on all sides, both internally and externally," Briney added.

One cure for those hit by both Code Red and Nimda may be migration to a Web server other than IIS. An advisory issued by Gartner last month recommended that enterprises hit by both Code Red and Nimda begin investigating alternatives to the popular Microsoft product, such as moving Web applications to less-vulnerable Web server products.

Among other survey findings:

The fourth annual Information Security Industry Survey was conducted in late July and early August. It was completed by 2,545 information security managers, engineers, administrators, consultants, and analysts from financial services, healthcare, consulting, government, and other public and private industries.

The entire survey analysis and results can be viewed at http://www.infosecuritymag.com/articles/october01/images/survey.pdf. The survey is also available in the October issue of Information Security magazine.

Editor's note: This story first appreared on ServerWatch, an internet.com site.