Almost one-third of UK businesses are habitually targeted by hackers, but most are satisfied with their security measures, according to the Department of Trade and Industry’s latest Information Security Breaches Survey.
The survey of around 1,000 UK organisations, big and small, found that the number of companies targeted by hacker ‘scans’, which randomly probe corporate computers to test for vulnerabilities, had grown from 7% to 13% since the last time the survey was carried out two years ago. It discovered that each business is ‘scanned’ about once a week on average, with large companies targeted more frequently than others.
The survey also found that the proportion of companies failing to foil hack attacks has increased from 1% to 4% since 2002. Of those, three-quarters regarded hacking as a bigger headache than even the most serious virus attacks – not only because of the financial damage it could cause but also because of the time and resources invested in remedying the problem.
The results of the survey, which was conducted by an industry consortium led by PricewaterhouseCoopers, seemed to suggest that one of the reasons for the growing frequency of attacks was the growth in the number of transactional web sites. In 2002, only 13% of companies had them; now, 73% do.
Firewalls are the most common form of defence, used by 75% of companies. But more than half of firewall users admitted it was their only protection, and 12% admitted they did not have any defence at all. The larger the business, the more likely it is to protect its web site with a firewall and intrusion-detection software.
The report also expressed concern that, although 72% of businesses were “quite or very confident” about their protection, there was evidence of a lack of effective monitoring, which suggested that some businesses might be underestimating the dangers.
But attempts to combat the problem have backfired on some companies. False positives – legitimate emails filtered out in error – are “worse than spam”, says Craig Whitney, FrontBridge’s European managing director. He cites examples of ecommerce receipts, travel tickets and even personal emails blocked by filtering software.