The DTI Information Security Breaches Survey 2004, managed by PricewaterhouseCoopers, found that 93% of companies surveyed, and 99% of large companies, had anti-virus software in place. Despite this, 50% of UK businesses (and 68% of large companies) suffered from virus infection or denial of services attacks during the last year. This is up from 41% in 2002 and just 16% in 2000.
With 89% of companies sending e-mail over the internet, UK businesses are increasingly vulnerable to attack. Seventy-two percent received infected e-mails or files over the last year. For large companies the figure was 83%.
Two-thirds of respondents who admitted to falling victim to a cyber attack cited a virus infection as their worst of the year, with the damage caused varying from less than a day's disruption at no cost, to major disruption for a month or more.
The Blaster worm, which hit the headlines last summer, was found to be the biggest culprit, causing a third of all infections – with over half of these being in big companies.
Blaster exploited a publicised flaw in Microsoft's Windows operating system and took the form of a highly infectious worm that caused computers to constantly reboot or to show error messages. Blaster and its variants caused an estimated $1.3 billion worth of damage worldwide.
But Blaster is just one example of a growing sophistication in virus attacks. Chris Potter, the PwC partner leading the survey, said:
"Whilst almost every UK business has anti-virus software in place, the incidence of attack is rising. With new viruses like MyDoom and Netsky sweeping the world within hours of their release, software is only as good as its last update and increasingly companies have set their anti-virus software to automatically update itself immediately a new release is available. However, anti-virus software alone does not solve the problem – it's vital to install the latest operating system security updates and patches as well. To check this, companies need effective monitoring and audit processes."
Gerhard Eschelbeck, VP and CTO of survey sponsor Qualys, added:
"The sophistication of the latest generation of worms demands that business takes a much more proactive stance on security. Blended threats like Blaster wreak havoc by incorporating additional viruses and Trojans and side-stepping traditional software solutions. Scanning on-demand and on a regular basis is essential for organisations to protect themselves against today's fast-moving threats. It ensures that their security solutions are up-to-date and effective."
The survey canvassed the views of 1,000 companies of all sizes. The full results of the survey will be released at InfoSecurity Europe, which will be held in London in April.