Who is at risk from cyberattack?

It may come as no surprise that utility firms often come under assault from hackers, but some of Symantec's findings are not as predictable

Banking and utilities are two of the most at-risk sectors when it comes to the threat of attack by malicious code, such as hacks, worms and viruses. However, many may be surprised to hear that charities and not-for-profit organisations also feature prominently on the risk list.

Financial institutions such as banks and utility firms such as power companies are unsurprisingly targets for those looking to cause the most chaos, according to Symantec's Internet Security Threat Report.

While both industries have the financial clout to protect their systems -- and arguably have the most to lose by not doing so -- they also present both the greatest challenge and the greatest 'results' should a hacker or virus writer breach their defences.

As such it is perhaps surprising that charities and 'non-profit' organisations may be targeted. Typically these organisations have the fewest resources to spend on securing their high-tech defences and as such pose little challenge.

However, IT security firm Symantec attributes the high instances of cyberattacks in this sector to attacks against non-profit activist groups -- as diverse as animal rights organisations, lobby groups and software communities.

Such organisations, which often express controversial opinions, may well attract politically motivated cyberattacks -- a practice known as 'hactivism'.

In total, over the second half of 2002, Symantec recorded an average of 987 attacks per company in the power and energy sector. In second place were non-profit organisations with an average of 869 attacks per company. Third spot went to telecoms (845), fourth was high-tech (753) and fifth was banking and finance (689).

However, in terms of the level of severe attacks -- as measured by Symantec -- the top three were power and energy, banking and finance and non-profit. Almost 70 per cent of attacks targeted at power and energy companies were deemed to be severe, while for banking and non-profit organisations the figure was 48.1 percent and 30.4 percent respectively.

Company size is also an issue, suggesting larger companies are at risk for two reasons: the greater visibility resulting from being a larger firm makes them a target and also the greater number of staff increases the risk of 'operator error', especially where the opening of malicious email attachments is concerned.

Companies with in excess of 5,000 employees experienced twice as many attacks during the second half of 2003 as companies with less than 500 employees.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.