E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants

Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


Security Breaches And Attacks Double In One Year

Source: USA Today

Posted on January 23, 2002

      Spending on Internet security continues to grow, yet the worldwide supernetwork remains more vulnerable than ever to viruses, break-ins and terrorism.

      Simply put, hackers are getting smarter, and computer networks are getting more complex and difficult to keep safe.

      "The rate of growth of our vulnerabilities is exceeding the rate of improvements in security measures," said Michael Vatis, former director of the FBI's National Infrastructure Protection Center. "We're not improving fast enough to keep pace with the problem, let alone get ahead of the problem."

      Bruce Schneier, chief technical officer at Counterpane Internet Security, said companies that invest in security may be reducing their own risks, but new networks with minimal protections are constantly joining the Internet.

      "Overall, security goes down," Schneier said. "Things are bad out there, and things are getting worse."

      CERT Coordination Center, the government-funded computer emergency response team at the Carnegie Mellon University, says it received reports last year of 52,658 security breaches and attacks, and 2,437 computer vulnerabilities more than double the figures for 2000.

      Part of the increase results from greater awareness, and network operators are reporting incidents they wouldn't have noticed in the past, said Marty Lindner, a team leader at CERT.

      But hackers have also produced better tools for automating attacks, making them more numerous, Lindner added.

      Last year, the Internet was hit with a new class of worms, which unlike viruses do not require human intervention to spread. Code Red and Nimda found new ways to propagate rapidly and tied up Internet traffic worldwide by exploiting well-known software vulnerabilities.

      One version of Code Red was also programmed to launch a strike on the White House's Web site on a given date, though the site's administrators took corrective action in time. A second version installed a program that could give outsiders control of infected computers.

      "A single threat can now combine a number of different attacks," said Stephen Trilling, a research director at security company Symantec.

      In addition to unleashing Medusa-like threats, hackers are also quicker to exploit new vulnerabilities, giving system administrators less time to react, said Chris Rouland, director of the X-Force research team at Internet Security Systems.

      According to a study from Computer Economics, a research firm, Code Red and Nimda caused more than $3 billion in damages and economic disruption worldwide.

      The worms prompted several companies and network operators to bolster their defenses.

      As a result, computer security companies saw revenue growth of 15% to 20% last year, according to Chris Christiansen, a research analyst at IDC.

      But that's still lower than the 30% to 50% growth experienced in past years, Christiansen said. And while security companies said the Sept. 11 attacks initially prompted more inquiries and sales, IDC found no lasting boost in revenues.

      Steve Lipner, director of security assurance at Microsoft, sought to put security risks in perspective, saying millions of people use the Internet daily "without any ill effect at all."

      Even so, Microsoft Chairman Bill Gates directed employees last week to put security and privacy ahead of new capabilities in the company's products.

      "If we don't do this, people simply won't be willing or able to take advantage of all the other great work we do," he said in an e-mail memo.

      Many security breaches, including Code Red and Nimda, exploited flaws in Microsoft products, and security experts disclosed last month that hackers could seize control of computers running Windows XP marketed as the company's most secure system unless users installed a patch to fix it.

      The risks aren't limited to Microsoft products.

      Jerry Freese, director of intelligence at security firm Vigilinx, warned of dangers in the burgeoning world of wireless networks that allow hackers to intercept private communications and even break into systems.

      Freese said wireless technologies will face some of the security challenges that wired systems went through earlier.

      Another risk lies in home high-speed networks, he said.

      Home users tend to be less knowledgeable about security yet their computers are getting powerful enough for hackers to take over and launch denial-of-service strikes, which aim to paralyze a Web site or computer system by flooding it with fake traffic.

      Of greatest concern are cyberattacks that could bring down electric power grids, automated teller machines and public transportation systems, disrupting the economy and posing safety risks to the public.

      As more efforts are directed at improving physical security at national borders and airports, terrorists will look for targets elsewhere in cyberspace, said Michael Erbschloe, author of Information Warfare: How to Survive Cyberattacks.

      Erbschloe, who is also vice president of research at Computer Economics, said newcomers to the Net, including small- and medium-sized businesses, represent the weakest links.

      "Large companies have learned their lessons pretty well, and most government (agencies) are taking this far more seriously," Erbschloe said. "But we still have a growing new population. A lot of people don't have a clue."

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.