One In Three Large Businesses In The UK Had Their Websites Attacked By Hackers Last Year, Survey Shows

One in three of the UK’s larger companies suffered hacking attempts on their websites in the last year, a new survey shows. Although businesses are confident their security defences are adequate, there are concerns that such comfort is misplaced. Businesses that were scanned reported an average of one probe each week, while 4% said their systems had been penetrated, four times as many as two years ago.

These are among the initial findings from the 2004 Department of Trade and Industry’s biennial Information Security Breaches Survey, conducted by a consortium led by PricewaterhouseCoopers. The full results of the survey will be launched at InfoSecurity Europe in London, April 27-29.

Key findings from the survey of some 1,000 companies include:

* Three quarters of businesses that reported system penetration rated it as their worst security incident of the year (worse than, for example, virus infections), with more than a third describing the impact as ‘very serious’;
* The main concerns were not so much financial loss or service disruption, but the time spent on investigation and remedy – a quarter took between two and 10 man-days of effort;
* Firewalls were the main line of defence against intrusion, with more than three quarters of businesses using one, although in 50% of the cases, this was their only defence;
* The larger the business, the more likely it is to have intrusion detection software as well;
* The number of smaller companies reporting hacking attempts was relatively low but has risen significantly since the last survey in 2002; the speed of the rise is, however, worrying given the growing dependence on websites;
* Around half of all businesses have their websites hosted externally and so rely solely on their provider for security, yet worryingly many were unaware of what defences those providers had against attack;
* Yet, despite increasing network security incidents, businesses remain largely satisfied about the effectiveness of defences, with 72% expressing confidence in their ability to detect or prevent security breaches;
* But this confidence may be misplaced because many organisations do not test their network security, although larger organisations are tending to use more tools to scan their systems for vulnerabilities;
* Businesses that carry out these checks reported more attempts to probe their website security but also said they had suffered less actual penetration of their systems by outsiders.

These findings are published in a fact sheet – ‘Intrusion Prevention’ – sponsored by McAfee Security.

Andrew Beard, the PricewaterhouseCoopers advisory services director involved in the survey, said:

“The survey findings point to a real concern that businesses without the right monitoring and intrusion prevention processes in place may have a false level of comfort. Scanning and hacking activity may not be detected until it is too late to react.”

Sarah Whipp, senior director, EMEA marketing at McAfee Security, added:

“The security challenge for business continues to grow as networks become more porous, intruders more sophisticated and the sheer variety of threats companies face increases. Proactive prevention technologies to combat both internal and external attacks are a commercial necessity.”


Notes to Editor

1. About the Survey

The 2004 DTI Information Security Breaches Survey is the most authoritative survey about this issue in the UK. It is part of the Department of Trade and Industry’s work with British industry to understand the impact of information security breaches. It aims to raise awareness among UK companies and public sector organisations of the value of effective information security management.

The survey was conducted between October 2003 and January 2004 and is based on 1,000 telephone interviews with organisations of all sizes across all areas of the UK, plus a series of face-to-face interviews. A consortium led by PricewaterhouseCoopers is managing the 2004 survey. Other lead sponsors are Microsoft, Computer Associates and Entrust. Input has also come from the National Hi-tech Crime Unit, Royal Holloway, University of London, and the Information Assurance Advisory Council.



The full results of the seventh, biennial survey will be published at the InfoSecurity Europe exhibition and conference in London April 27-29.

The factsheet ‘Intrusion prevention’ can be downloaded from, or

2. About Network Associates

With headquarters in Santa Clara, California, Network Associates, Inc. (NYSE: NET) creates best-of-breed computer security solutions that prevent intrusions on networks and protect computer systems from the next generation of blended attacks and threats. Offering two families of products, McAfee System Protection Solutions, securing desktops and servers, and McAfee Network Protection Solutions, ensuring the protection and performance of the corporate network, Network Associates offers computer security to large enterprises, governments, small and medium sized businesses, and consumers.

For more information, Network Associates can be reached at 01753 217500 or on the Internet at

NOTE: Network Associates, McAfee, AVERT and Sniffer are either registered trademarks or trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners. (c) 2004 Networks Associates Technology, Inc. All Rights Reserved.

3. About PricewaterhouseCoopers IT security practice

PricewaterhouseCoopers has one of the largest information security teams in the world; its specialists have extensive experience of investigating security breaches and in-depth knowledge of the techniques available to protect against and limit the damage from such breaches.

4. About PricewaterhouseCoopers

PricewaterhouseCoopers provides industry-focused assurance, tax and advisory services for public and private clients. More than 120,000 people in 139 countries connect their thinking, experience and solutions to build public trust and enhance value for clients and their stakeholders. Unless otherwise indicated, PricewaterhouseCoopers refers to PricewaterhouseCoopers LLP, a limited liability partnership incorporated in England. PricewaterhouseCoopers LLP is a member firm of PricewaterhouseCoopers International Limited.