Feeds

UK.plc struggles to eradicate viral infection

Malware remains top security nuisance

High performance access to file storage

Viral infection was the biggest single cause of security incidents over the last two years, according to a DTI-backed study published on Tuesday.

The DTI's biennial Information Security Breaches survey found that viral infection caused roughly half of security incidents reported. Two in five viral infestations were said to have caused a serious impact on the organisations affected.

The study also found that viruses were more likely to cause service disruptions than other security breaches. While interruptions generally had minimal impact, a quarter of firms that blamed viral infestation for the worst security incident had major problems, such as losing important services (for example email), for more than a day.

Almost all the 1,000 UK companies that participated in the survey use anti-virus software. Although malware continues to be a problem for UK plc infection rates, the survey says it has dropped by roughly a third since two years ago.

However, on a less encouraging note, 20 per cent of firms questioned said they do not update signature files (used to protect against viruses) within a day.

Two years ago, a small number of viruses were the root of business concerns, but last year attacks featuring Trojans and botnet clients became a bigger problem. The study found that viral infections tend to take more work to resolve than other incidents. One such incident took a company 50 days to fix.

The telephone survey also found that around a quarter of UK businesses are not protecting themselves against spyware.

Meanwhile, patching practices are slowly improving. Nearly nine in ten UK businesses (88 per cent) apply new operating system security updates within a week of their release, compared with 79 per cent of businesses in 2004. Firms that install patches within a day, unsurprisingly, suffered fewer viral infections than those that wait even a week.

A consortium led by PricewaterhouseCoopers LLP managed the 2006 Information Security Breaches survey. Other lead sponsors are Microsoft, Symantec, Entrust and Clearswift. Input has also come from the National Hi-Tech Crime Unit, Royal Holloway, University of London and the Information Security Forum.

Chris Potter, the partner from management consultancy PricewaterhouseCoopers leading the survey, said: "It's very encouraging to see the progress that UK companies have made in installing anti-virus software and patching their systems. However, there's a danger of fighting yesterday's battle. Past viruses were designed to cause large amounts of indiscriminate damage typically by taking down targets' networks. Cyber-criminals now use virus infections to get in under the radar of businesses and steal confidential data."

The full results of the survey will be published at the Infosecurity Europe exhibition and conference in London, which takes place between 25 and 27 April. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.