IT security officers have a growing problem on their hands -- browser-based attacks such as "pharming" scams rose significantly for the third straight year, making them the fastest-growing security threat, according to a study by the Computing Technology Industry Association (CompTIA), a nonprofit trade organization based in Chicago.
The Web-based survey contacted officers with security responsibilities, such as network administrators or chief information officers, from nearly 500 companies in sectors such as finance, education, government and manufacturing. It found that 56.6 percent of the companies had been victimized by a browser-based attack in the past year, up from 36.8 percent a year ago and 25 percent two years ago.
The drastic increase in incidents suggests that the browser-based attack is beginning to rival virus and worm attacks as a threat to companies' security. The number of virus and worm attacks fell 2 percent over the last year, to exactly two-thirds.
Browser-based attacks use a browser system to disrupt a computer's data processing capabilities, said CompTIA spokesman Stephen Ostrowski.
"Pharming" is an example of a browser-based attack and occurs when a user types in a legitimate Web address and instead is redirected to a fraudulent page. Sometimes users are hooked into these schemes through fake e-mail messages, a technique known as phishing. These attacks unleash unwanted software and malicious code on the user's computer.
"The result of such an attack could be [as trivial as] having to reboot but could be as serious as identity theft or loss of data," Ostrowski said.
The incidence of phishing attacks alone increased from 18 percent a year ago to a quarter of the companies surveyed this year.
Companies are taking various steps to prevent all types of security attacks. Though the vast majority of companies have invested heavily in protective hardware and software such as antivirus programs, the real security challenge lies in properly training employees.
"[Our studies] showed that human error either alone or in combination with technology is responsible for about four out of five security breaches," Ostrowski said. "It is very important for these organizations to develop security policies and make sure that these policies are disseminated from the top down, because anybody [can create] a potential security threat."