|  |
Browser-Based Attacks May Pose Next Big IT Security Nightmare
Browser-based attacks are surging and may pose the
next significant security threat to information
technology (IT) operations. That is one of the key
findings of the second annual survey on IT security and
the workforce from CompTIA, the Computing Technology
Industry Association.
The survey of nearly 900 organizations found that
36.8 percent were plagued by one or more browser-based
attacks in the last six months. That's up from 25
percent in last year's survey.
Browser-based attacks use browser systems and user
system permissions to disrupt computer functions. These
attacks are unleashed when someone visits a web page
that appears harmless, but actually contains hidden
malicious code intended to sabotage a computer or
compromise privacy. The result of the attack may be as
simple as a crashed browser; or as serious as the theft
of personal information or the loss of confidential
proprietary data.
"The explosion of dynamic, created-on-the-fly web
pages, which often incorporate individual personal
preferences, is exposing organizations' IT systems to
new security threats," said John Venator, president and
chief executive officer, CompTIA. "It is clear that
education on IT security can no longer be limited to a
handful of IT personnel. Keeping the IT infrastructure
safe is the responsibility of everyone in the
organization."
Computer viruses and worm attacks, though still the
biggest threat to IT security, are significantly less
common than they were a year ago, according to the
CompTIA survey. Last year 80 percent of organizations
identified worm and virus attacks as their most common
IT security threat. This year, the comparable figure is
68.6 percent.
Network intrusion issues, named last year as the
second-most common security threat (65.1 percent),
showed a significant drop this year, falling to 39.9
percent. Organizations also reported significant
declines in problems caused by remote access, such as
virtual private networks and dial-up (41.7 percent, down
from 49.9 percent); and social engineering (17.9
percent, down from 21.9 percent).
Fighting Back
Antivirus applications are still the most commonly
used technology or practice to enforce security
requirements. The CompTIA survey found that 95.5 percent
of organizations use some form of antivirus
technologies.
Firewalls and proxy servers are the second most
commonly used technology, identified by 90.8 percent of
respondents. That's down from last year, when 93.7
percent of organizations reported using these
technologies.
Security audits and penetration testing account for
an increasing portion of the measures now in place to
monitor general security performance. They were
identified by 61 percent of respondents, up from 53
percent.
Other commonly used measures include systems
baselines (51.4 percent, up from 46.5 percent) and
change control tracking (44.3 percent, up from 39.1
percent)
.Fifteen percent of organizations reported they have
no measures in place to monitor general security
performance.
The survey was conducted for CompTIA by TNS
Prognostics of Palo Alto, Calif., a leader in customer
research based consulting for the IT industry. 05/2004, CompTIA
CompTIA is a global trade association representing the business interests of the information technology industry.
|
Subscribe to the newsletter | | |
More articles on this topic | | |
|  | | There is a growing realisation among organisations, be they large or small, that they need to focus on 'what they do best' but also explore new initiatives. More than ever, this dichotomy involves both productivity and revenue optimization... | |  | | As electronic communication vehicles like e-mail, instant messaging, and Web conferencing continue to grow, organizations will need to create a secure and low-cost infrastructure to tackle new challenges... | |  | | Employees working in IT security should not firewall off their own lines of communication. While technical skills are relatively easy to measure for IT security staff, managers need to place a greater emphasis... | |  | | The number of spam messages worldwide has grown an astonishing 115% from 15 billion in 2003, to 35 billion spam messages in 2004. In many cases, both corporate and consumer mailboxes are protected by more than one anti-spam solution... | |  | | When password management comes to mind, most managers think of their own personal passwords or the end-users’ passwords used to access the network, sales database or email systems. But there is another set of passwords... | |
|  | | Wikis have become an attractive alternative in content management. Whereas the structure of content in "real" management environments must be defined in advance, a wiki entirely adapts itself to meet content requirements... | |  | | It is only a small percentage of Web content that really makes a difference. It makes the sale, delivers the service, and builds the brand. This is the killer Web content... | |  | | Creating a content management system either from scratch, or using pre-existing building blocks, may sound like the ultimate way to get the exact solution you require. However, where there is light, there is also shadow... | |
| | | |
