Browser-Based Attacks May Pose Next Big IT Security Nightmare
 |  | http://www.securitymanager.net/magazine/article_471_browser-based_attacks_may_pose_next_big_it.html |
Browser-based attacks are surging and may pose the
next significant security threat to information
technology (IT) operations. That is one of the key
findings of the second annual survey on IT security and
the workforce from CompTIA, the Computing Technology
Industry Association.
The survey of nearly 900 organizations found that
36.8 percent were plagued by one or more browser-based
attacks in the last six months. That's up from 25
percent in last year's survey.
Browser-based attacks use browser systems and user
system permissions to disrupt computer functions. These
attacks are unleashed when someone visits a web page
that appears harmless, but actually contains hidden
malicious code intended to sabotage a computer or
compromise privacy. The result of the attack may be as
simple as a crashed browser; or as serious as the theft
of personal information or the loss of confidential
proprietary data.
"The explosion of dynamic, created-on-the-fly web
pages, which often incorporate individual personal
preferences, is exposing organizations' IT systems to
new security threats," said John Venator, president and
chief executive officer, CompTIA. "It is clear that
education on IT security can no longer be limited to a
handful of IT personnel. Keeping the IT infrastructure
safe is the responsibility of everyone in the
organization."
Computer viruses and worm attacks, though still the
biggest threat to IT security, are significantly less
common than they were a year ago, according to the
CompTIA survey. Last year 80 percent of organizations
identified worm and virus attacks as their most common
IT security threat. This year, the comparable figure is
68.6 percent.
Network intrusion issues, named last year as the
second-most common security threat (65.1 percent),
showed a significant drop this year, falling to 39.9
percent. Organizations also reported significant
declines in problems caused by remote access, such as
virtual private networks and dial-up (41.7 percent, down
from 49.9 percent); and social engineering (17.9
percent, down from 21.9 percent).
Fighting Back
Antivirus applications are still the most commonly
used technology or practice to enforce security
requirements. The CompTIA survey found that 95.5 percent
of organizations use some form of antivirus
technologies.
Firewalls and proxy servers are the second most
commonly used technology, identified by 90.8 percent of
respondents. That's down from last year, when 93.7
percent of organizations reported using these
technologies.
Security audits and penetration testing account for
an increasing portion of the measures now in place to
monitor general security performance. They were
identified by 61 percent of respondents, up from 53
percent.
Other commonly used measures include systems
baselines (51.4 percent, up from 46.5 percent) and
change control tracking (44.3 percent, up from 39.1
percent)
.Fifteen percent of organizations reported they have
no measures in place to monitor general security
performance.
The survey was conducted for CompTIA by TNS
Prognostics of Palo Alto, Calif., a leader in customer
research based consulting for the IT industry.
Published: 05/2004
Author: CompTIA
CompTIA is a global trade association representing the business interests of the information technology industry.
|
