CompTIA Predicts Browser-Based Attacks
Although computer viruses and worms are still the biggest threat to IT security, a recent survey from CompTIA shows that browser-based attacks are growing and may be the next major security threat to hit IT operations. CompTIA’s second annual survey on IT security and the workforce, which surveyed nearly 900 organizations on their IT security practices, showed that 36.8 percent of those surveyed experienced one or more browser-based attack in the past six months, up from 25 percent in last year’s survey.
A browser-based attack uses browser systems and user system permissions to disrupt computer functions. Web pages can contain hidden malicious code that is intended to sabotage computers and/or compromise privacy. Unprotected and uninformed users are at risk of crashed browsers or theft of personal or confidential proprietary information from such attacks.
Despite the increase in browser-based attacks, computer viruses and worms are still the biggest threat, though they are less common than they were a year ago. In last year’s survey, 80 percent of organizations identified worms and viruses as their most common IT security threat. This year, that number dropped to 68.6 percent.
Also dropping this year were network intrusions, which fell from 65.1 percent last year to 39.9 percent in this year’s survey, problems caused by remote access, which fell from 49.9 percent to 41.7 percent, and social engineering, which fell from 21.9 percent to 17.9 percent.
The most commonly used technology for enforcing security requirements is antivirus applications, which are employed by 95.5 percent of organizations. Second most common were firewalls and proxy servers, used by 90.8 percent of the organizations surveyed. More organizations were using security audits and penetration testing as part of their security measures, up to 61 percent from 53 percent in last year’s survey. Fifteen percent of organizations said they have no measures for monitoring security performance.
For more information, visit http://www.comptia.org.