Virus infection has caused the most serious security failures for UK companies in the past two years, according to the 2006 Department of Trade and Industry's biennial information Security Breaches Survey.
The survey, conducted by a consortium led by PricewaterhouseCoopers, found that roughly half of security incidents were caused by viruses, with two-fifths of these described as having a serious impact on the business. While most disruption was minor, roughly a quarter of companies questioned who reported a virus as their worst incident had major disruption, with important services such as email down for more than a day.
With 88 per cent of businesses surveyed having a broadband Internet link, the threat from malicious software has never been greater, says PricewaterhouseCoopers, and now almost every company uses anti-virus software. As a result, the number of companies affected has actually dropped by about a third since two years ago. Companies are also improving their patching discipline, with 88 per cent of UK businesses applying new operating system security updates within a week of their release, compared with 79 per cent in 2004. Companies that install critical patches within a day suffered fewer virus infections than those that wait even a week.
Despite this, however, the average number of infections suffered by those who do get hit has risen to roughly one a day. Several businesses reported hundreds of infections a day. Virus infections also tended to take more effort to resolve than other incidents, sometimes taking over 50 days' work to fix. One small company we spoke to ended up getting their legitimate mail blocked by anti-spam software, because they had been used as a spam relay, and that was very, very painful, said Chris Potter, the partner from PricewaterhouseCoopers LLP leading the survey.
One change from two years ago was that previously a small number of viruses dominated, for example Netsky and Bagle/Beagle. In contrast, over the last year, no single virus has caused widespread damage. Instead, the nature of viruses - and the motivation of their writers - has changed. A growing problem is the prevalence of 'bots', which take over machines and for use in cyber crime; cleaning up the problems can take weeks of effort. According to the survey, a quarter of UK businesses have no protection against spyware, downloaded when the user visits an unscrupulous website. As a result, spyware was the cause of roughly one in seven of the worst incidents involving malicious software.
These days, the viruses are like guerrillas, rather than regular troops there are a lot of them out there trying to infiltrate peoples systems and spy on their activity, said Potter. Law enforcement has got better, and if you look at the big outbreaks of the past a lot of virus writers have found themselves in prison for very little personal gain. These days, the sorts of people likely to write viruses are being contacted by organised crime and their skills are being put to a more lucrative use.