One in three firms suffer hacking attempts

One in three of the UK's biggest companies has suffered hacking attempts on their websites in the last year, a government-sponsored survey has revealed.

According to the 2004 Department of Trade and Industry biennial Information Security Breaches Survey, conducted by a consortium led by PricewaterhouseCoopers (PwC), four per cent of enterprises - four times as many as two years ago - said their systems were penetrated last year.

The survey of 1,000 companies found that three quarters of businesses that reported system penetration rated it as their worst security incident of the year (worse than, for example, virus infections), with more than a third describing the impact as 'very serious'.

Main concerns were not so much financial loss or service disruption but the time spent on investigation and remedy, with a quarter of respondents admitting that these processes took between two and 10 man-days of effort.

"A lot of the time hackers take over an individual account and use it to store material or investigate the system further," Chris Potter, partner at PwC, told vnunet.com.

"The time [is spent] in tracking down exactly where they've been."

Firewalls remain the main prevention tool, with more than three quarters of businesses deploying one. But in half of the cases a firewall was their only protection. Another 12 per cent of those surveyed admitted to having no protection at all.

Despite this, businesses remain largely satisfied with the effectiveness of their prevention measures; 72 per cent expressed confidence in their ability to detect or block security breaches.

But the report warned that such confidence could be misplaced. It found that many organisations do not test their network security, although larger firms tend to use more tools to scan their systems for vulnerabilities.

"The survey findings point to a real concern that businesses without the right monitoring and intrusion prevention processes in place may have a false level of comfort," said Andrew Beard, advisory services director at PwC, in a statement.

"Scanning and hacking activity may not be detected until it is too late to react."

Firms may also lack the expertise to identify where hackers have been following an attack.

"We've seen an increase in the number of people who have the basic knowledge to do this within large enterprises, but within SMEs it's a skills-set that is difficult to find internally and expensive to buy in externally," said Potter.

See also:

Hackers penetrate global finance firms

Frozen security budgets leave companies vulnerable to rising number of attacks  19 May 2004

Computer attacks on UK businesses double

DTI security breaches survey finds firms more vulnerable now than in 2002  27 Apr 2004

Insurers to drop hacking premiums

Prices predicted to drop as insurance firms gain better understanding of market  02 Apr 2004

Identity breach risk accelerates

Flaws in identity management have huge impact  10 Mar 2004

Half of UK firms hit by viruses last year

Infection rates soar as companies fail to update antivirus software  02 Mar 2004

Disaster recovery plans not up to scratch

DTI research finds most UK firms enjoying false sense of back-up security  17 Feb 2004

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!