Blaster Tops the List as Virus Epidemic Sweeps UK Business, Survey Shows
— March 2, 2004 — Around half of UK businesses suffered from virus infection or denial of services attacks during the last year, a new survey shows. This has risen from 41% in 2002 and just 16% in 2000. These are among the initial findings from the 2004 Department of Trade and Industry’s biennial Information Security Breaches Survey, conducted by a consortium led by PricewaterhouseCoopers. The full results of the Survey will be launched at InfoSecurity Europe in London, April 27-29.
Key findings from the telephone survey of some 1,000 companies include:
- Companies are increasingly vulnerable to attack with 89% of businesses (and virtually all large companies) sending email across the internet, compared with 77% in 2002;
- 72% of all companies surveyed had received infected emails or files in the last year. For large companies this rises to 83%;
- Most companies have virus protection - 93% of those surveyed, and 99% of large companies, have antivirus software in place;
- Despite this, 50% of UK businesses (and 68% of large companies) suffered from virus infection or denial of services attacks during the last year;
- Blaster was by far the biggest culprit, causing a third of all infections (and over half of those in large companies);
- Two-thirds of companies polled that had experienced any type of security breach cited a virus infection as their worst of the year;
- Damage from virus incidents varied from less than a day’s disruption and no cost to major disruption to services for a month or more.
These findings are published in a fact sheet - ‘Viruses and malicious code’ - sponsored by security specialist Qualys.
Chris Potter, the PricewaterhouseCoopers partner leading the survey, said:
“Whilst almost every UK business has anti-virus software in place, the incidence of attack is rising. With new viruses like MyDoom and Netsky sweeping the world within hours of their release, software is only as good as its last update and increasingly companies have set their anti-virus software to automatically update itself immediately a new release is available. However, anti-virus software alone does not solve the problem ? it’s vital to install the latest operating system security updates and patches as well. To check this, companies need effective monitoring and audit processes.”
Gerhard Eschelbeck, VP and CTO of Qualys, Inc., added:
“The sophistication of the latest generation of worms demands that business takes a much more proactive stance on security. Blended threats like Blaster wreak havoc by incorporating additional viruses and Trojans and side-stepping traditional software solutions. Scanning on-demand and on a regular basis is essential for organisations to protect themselves against today’s fast-moving threats. It ensures that their security solutions are up-to-date and effective”
About the Survey
The 2004 DTI Information Security Breaches Survey is the most authoritative survey about this issue in the UK. It is part of the Department of Trade and Industry’s work with British industry to understand the impact of information security breaches. It aims to raise awareness among UK companies and public sector organisations of the value of effective information security management.
The survey was be conducted between October 2003 and January 2004 and is based on 1,000 telephone interviews with organisations of all sizes across all areas of the UK, plus a series of face to face interviews. A consortium led by PricewaterhouseCoopers is managing the 2004 survey. Other lead sponsors are Microsoft, Computer Associates and Entrust. Input has also come from the National Hi-tech Crime Unit, Royal Holloway, University of London, and the Information Assurance Advisory Council.
The full results of the seventh, biennial survey will be published at the InfoSecurity Europe exhibition and conference in London April 27-29.
The factsheet ‘Viruses and malicious code’ can be downloaded from www.security-survey.gov.uk, or www.dti.gov.uk/industries/information_security
About Qualys
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
About PricewaterhouseCoopers
PricewaterhouseCoopers (www.pwc.com/uk) provides industry-focused assurance, tax and advisory services for public and private clients. More than 120,000 people in 139 countries connect their thinking, experience and solutions to build public trust and enhance value for clients and their stakeholders. PricewaterhouseCoopers has one of the largest information security teams in the world; its specialists have extensive experience of investigating security breaches and in-depth knowledge of the techniques available to protect against and limit the damage from such breaches.
Unless otherwise indicated, PricewaterhouseCoopers refers to PricewaterhouseCoopers LLP a limited liability partnership incorporated in England. PricewaterhouseCoopers LLP is a member firm of PricewaterhouseCoopers International Limited.
Qualys and the Qualys logo are trademarks of Qualys, Inc. All other trademarks are the property of their respective owners.
Media Contact:
Tami Casey
Qualys
media@qualys.com