DTI survey finds virus infection biggest cause of security incident

By | February 28, 2006

Infection by viruses was the biggest single cause of the worst security incidents for UK companies in the past two years, accounting for roughly half of them, a new survey shows. Two-fifths of these were described as having a serious impact on the business, according to findings from the 2006 Department of Trade and Industry´s biennial Information Security Breaches Survey, conducted by a consortium led by PricewaterhouseCoopers LLP. The full results of the survey will be launched at Infosecurity Europe in London, 25-27 April.

The survey showed that virus infections were more likely to have caused service interruption than other incidents. Usually the disruption was minor but roughly a quarter of companies questioned who reported a virus as their worst incident had major disruption, with important services such as email down for more than a day.

The majority of UK businesses surveyed have a broadband link to the Internet (88%) and as a result, the threat from malicious software such as viruses has never been greater. UK businesses have responded and now almost every company uses anti-virus software. Despite the increased threat, fewer companies had viruses than in the last two surveys. Infection rates have dropped by roughly a third since two years ago.

While the number of companies infected has fallen since 2004, the average number of infections suffered by those affected has risen to roughly one a day. Several businesses reported hundreds of infections a day.

Key findings from the telephone survey of 1,000 companies include:

A quarter of UK businesses are not protecting themselves against the threat caused by spyware. As a result roughly one in seven of the worst incidents involving malicious software related to spyware that can download onto a computer when the user visits an unscrupulous website.

Two years ago, a small number of viruses dominated, for example Netsky and Bagle/Beagle. In contrast over the last year, no single virus has caused widespread damage. Instead the nature of viruses – and the motivation of their writers – has changed. Some malicious viruses, known as ´bots´, take over machines turning them into ´botnets” used for cyber crime and cleaning up the problems can take weeks of effort.

Patching discipline has improved: nearly nine in ten UK businesses (88%) apply new operating system security updates within a week of their release, compared with 79% of businesses in 2004.

Companies that install critical patches within a day suffered fewer virus infections than those that wait even a week.

Companies without anti-virus software did not report many infections. One explanation is that companies that suffer virus infection tend to install anti-virus software afterwards. More worrying is the possibility that the changing nature of viruses may mean that some do not realise a virus has infected their systems.

One-fifth of the companies questioned in the survey said that they do not update signature files (used to protect against viruses) within a day.

Virus infections tended to take more effort to resolve than other incidents sometimes taking over 50 days´ work to fix.

These findings are published in a factsheet – ´Viruses and malicious software´ – sponsored by security software specialist Symantec.

Chris Potter, the partner from PricewaterhouseCoopers LLP leading the survey, said:

“It´s very encouraging to see the progress that UK companies have made in installing anti-virus software and patching their systems. However, there´s a danger of fighting yesterday´s battle. Past viruses were designed to cause large amounts of indiscriminate damage typically by taking down targets´ networks. Today´s viruses have become more insidious. These programmes lie hidden on infected machines, gather information and target their strikes at valuable data. Cyber-criminals now use virus infections to get in under the radar of businesses and steal confidential data.

“The damage that viruses can cause extends beyond systems and ultimately can affect a company´s customers, business relationships and reputation in the marketplace. The threat has never been greater, so this is no time for complacency. Tomorrow´s battle has only just begun. In that battle, a multi-layer defence of patching, up to date anti-virus software and intrusion detection software offers the best protection.”

Leave a Reply