Web server attacks doubled over the last year

Survey finds 90% of firms hit by viruses too


Web server attacks have doubled over the course of the last year, despite increased spending on security.

That's the main conclusion of a survey of more than 2,500 organisations, sponsored by security firms TruSecure and Predictive Systems. The survey found that almost half those quizzed (48 per cent) had suffered a Web server attack in 2001, against 24 per cent in 2000. Viruses, worms, Trojans and other malware infected 90 per cent of the respondents to the survey, even though 88 per cent of those companies already had antivirus protection in place (which doesn't say a lot for AV software, but we digress).

Although security spending continues to grow, the survey threw up the interesting finding that a third of surveyed companies froze spending during the course of this year due to the general economic malaise we're all living through.

Corporate funding for infosecurity continues to grow overall, though the pace has slowed from that of recent years. Nearly one-third (29 per cent) of surveyed companies froze security spending sometime in 2001 due to adverse economic conditions.

Disgruntled company insiders remain far more of a security threat than hackers and s'kiddiots, but securing the edge of corporate networks (through firewalls, VPNs and the like) remains the number one priority for BOFHs.

As far as directions in technology spending go, the survey concludes that 2002 will be the year that Public Key Infrastructure (PKI) technology finally takes off, a prediction that we've heard for the last three years but is yet to come about. We're far more in agreement with the survey's finding that wireless and enterprise security management will be hot areas next year though.

You can see the main findings of the survey, which were published in the October issue of Information Security magazine, here. ®
