Likelihood of Successful Attack

Measuring the likelihood of successful attack is very difficult. The most recent CSI/FBI report on Cyber Security (2004) reported that 53% of survey respondents were successfully breached with a cost of damage in excess of $500,000 per incident. The actual percentage could be much higher due to many companies’ reluctance to reveal security information. In fact, 48% of respondents did not report breaches in general fearing leakage of information.
What can be safely said is that a majority of companies were successfully attacked against their existing technologies and protections. Web Services provides new conduits for attack and therefore will have a higher percentage of successful attack. Web Services are essentially standardized interfaces or API’s into many different types of applications. These applications are not protected in a consistent way, nor are existing technologies such as SSL and network firewalls prepared to protect them. In fact, a recent Gartner Group report stated that
“Web Services will reopen 70% of attack paths closed by network firewalls.”
A recent IDC study found that security topped the list of Web Services software that companies would invest in. Over 70% of respondents in this May 2004 survey said that they planned to invest in security software for
Web Services.