Out-Law News 2 min. read
Half of service disruptions due to viruses, finds survey
28 Feb 2006, 3:00 pm
Around half of the worst security incidents suffered by UK firms over the past two years were caused by viruses, according to a survey from the Department of Trade and Industry (DTI). Two fifths of these had a serious impact on the business concerned.
The 2006 DTI biennial Information Security Breaches Survey reveals that while the disruption was usually minor, roughly a quarter of companies who reported a virus as their worst incident had major disruption, with important services such as email down for more than a day.
The telephone survey of 1,000 organisations, carried out by a PricewaterhouseCoopers-led consortium, reveals that the majority of UK businesses (88% of those surveyed) now have broadband. It warns that the threat from malicious software has never been greater.
Despite this, fewer firms had viruses than in the last two surveys, with infection rates dropping by roughly a third in the past two years. The report puts this down to an increased use of anti-virus software.
Companies without anti-virus software did not in fact report many infections. One explanation is that companies that suffer virus infection tend to install anti-virus software afterwards. More worrying is the possibility that some do not realise a virus has infected their systems, says the survey.
Two years ago, a small number of viruses, such as the Netsky virus, dominated, but now no single virus has caused widespread damage. Instead viruses seek not simply to damage, but to infiltrate and take advantage – whether this is in the form of obtaining information, or in taking control of the infected PC itself.
The survey reveals that a quarter of UK businesses are not protecting themselves against the threat caused by spyware, software that is used to collect information about an individual or organisation without their knowledge. As a result roughly one in seven of the worst incidents involving malicious software related to spyware.
On a positive note, the survey shows that patching discipline has improved: nearly nine in 10 UK businesses (88%) apply new operating system security updates within a week of their release, compared with 79% of businesses in 2004.
"It's very encouraging to see the progress that UK companies have made in installing anti-virus software and patching their systems. However, there's a danger of fighting yesterday's battle,” warned Chris Potter, partner with PricewaterhouseCoopers.
“Past viruses were designed to cause large amounts of indiscriminate damage typically by taking down targets' networks. Today's viruses have become more insidious. These programmes lie hidden on infected machines, gather information and target their strikes at valuable data. Cyber-criminals now use virus infections to get in under the radar of businesses and steal confidential data.
"The damage that viruses can cause extends beyond systems and ultimately can affect a company's customers, business relationships and reputation in the marketplace,” he added. “The threat has never been greater, so this is no time for complacency. Tomorrow's battle has only just begun. In that battle, a multi-layer defence of patching, up to date anti-virus software and intrusion detection software offers the best protection."
The full results of the survey will be published at the Infosecurity Europe exhibition and conference, due to be held in London between 25th and 27th April.
