
Mon Mar 21, 2005 6:45 AM ET
Cyberintruders have stepped up their attacks on corporate computer networks, according to two surveys released Monday.
Symantec (SYMC), the world's largest supplier of anti-virus software, reports a 332% spike in worms and viruses launched against Windows desktop computers and servers in the last half of 2004 compared with the year before - 7,360 variants in all.
What's more, the bad guys' determination appears to be paying off. In a January survey of 229 midsize and large companies, security firm Mazu Networks found 47% had networks compromised by a self-propagating worm in the past year.
Companies set up perimeter firewalls as a first defense. So intruders have begun probing the pathways corporations keep open to communicate one-on-one with employees, customers and suppliers.
Firewalls alone "simply can't cope with today's wildly diverse group of users and access methods," says Dennis Brouwer, senior vice president of security firm Endforce.
Areas ripe for intrusion include:
- Web applications. Web pages set up to share, create or modify data are an inviting back door into corporate networks. Symantec logged 670 Web application vulnerabilities in the second half of 2004, vs. 369 a year earlier.
Security experts say cybercrooks are finding new ways to break in through Web applications - and scoring bigger payoffs. Of the companies in Mazu's survey that experienced security breaches, 40% reported critical system disruptions, and 38% reported losing data.
"Security is a bit like an arms race," says Jim Maloney, chief security executive at Corillian, supplier of corporate security systems. "As the defenses get better in one area, the attacks move to another area and morph into another form."
- Web tools. Workers on their own initiative are using free instant messaging services and desktop tools to do Web searches and locate files. They are also accessing the Internet wirelessly on laptops, handheld devices and cell phones.
But most companies are just starting to look into setting up secure systems for such tools. Without tight controls, they are proving to be "a great vector for worms, viruses and spam," says Alfred Huger, Symantec's senior director of engineering.
Tech managers are responding by banning some free tools and wireless devices. But restrictive policies are not the long-term answer, says Phil McMurray, director of information technology security at Advo, the nation's largest direct-mail advertiser.
At the request of some of Advo's 4,000 employees, McMurray is developing a policy for using wireless devices and reviewing hardware and software. He sympathizes with workers' sense of urgency.
"It's human nature to try to use new tools to get an edge in the marketplace," he says. "But I'm preaching patience, which doesn't always come easy."