Security breaches are running rampant in the Asia Pacific (APAC) region, as findings from Evans Data Corporation indicate that three-quarters of the nearly 600 developers that were surveyed reported at least one violation during 2002. Of that group, two-thirds had three or more security breaches.

Comparatively, Evans Data found that 57 percent of North American developers had one breach, and less than half of that group had three or more.

"Not surprisingly, computer viruses are the most common breaches and more than half the breaches were viruses," said Esther Schindler, EDC senior analyst. "But 12 percent of APAC developers reported deliberate database hacks and 9 percent said they'd been the victims of unauthorized scripts. The situation is worst in China where well more than 4 out of 5 respondents experienced a breach."

China experienced the sharpest increase — up from 59 percent reporting at least one security breach to 84 percent — and almost 60 percent of Chinese respondents experienced three or more breaches in the past year.

China was also the most likely region to make the security breach public or to report to a security agency at 51 percent; India was second with 31 percent, Japan, 4 percent; and Australia/New Zealand, 2 percent.

Meanwhile, Internet Security Systems, Inc. (ISS) found a 36.6 percent increase in the number of global security incidents and confirmed attacks in the first quarter of 2003 from the fourth quarter of 2002, with e-mail viruses absorbing part of the blame.

"The large increase in mass mailing, highly persistent worms and security events indicates that this year will be challenging for security officers and administrators around the world. These levels are consistent with our forecasts that show a steady amount of malicious activity on the Internet throughout 2003," said Chris Rouland, director of Internet Security Systems' X-Force security research and knowledge services organization.

ISS attributes the increase in security incidents to the startling 867 percent jump in overall security events. This spike in security events — typically in the form of suspicious activities like automatic probing and scanning for vulnerabilities in computer systems — directly correlates to a major increase in the number of new worms and hybrid threats tracked in the 1Q 2003, which totaled 752 compared to 101 in the 4Q 2002.

Top Attack Categories
Suspicious Activity 73.51%
Unauthorized Access Attempt 10.65%
Protocol Decode 9.76%
Pre-Attack Probe 3.1%
Denial of Service 2.97%
Back Door 0.01%
Source: Internet Security Systems

ISS found that North America overwhelmingly accounted for the majority of attack sources at more than 86 percent. Europe trailed at 7.36 percent, and Asia claimed 3.98 percent.