Blaster Tops The List As Virus Epidemic Sweeps UK Business, Survey Shows

Around half of UK businesses suffered from virus infection or denial of services attacks during the last year, a new survey shows. This has risen from 41% in 2002 and just 16% in 2000. These are among the initial findings from the 2004 Department of Trade and Industry’s biennial Information Security Breaches Survey, conducted by a consortium led by PricewaterhouseCoopers. The full results of the Survey will be launched at InfoSecurity Europe in London, April 27-29.

Key findings from the telephone survey of some 1,000 companies include:

* Companies are increasingly vulnerable to attack with 89% of businesses (and virtually all large companies) sending email across the internet, compared with 77% in 2002;
* 72% of all companies surveyed had received infected emails or files in the last year. For large companies this rises to 83%;
* Most companies have virus protection – 93% of those surveyed, and 99% of large companies, have antivirus software in place;
* Despite this, 50% of UK businesses (and 68% of large companies) suffered from virus infection or denial of services attacks during the last year;
* Blaster was by far the biggest culprit, causing a third of all infections (and over half of those in large companies);
* Two-thirds of companies polled that had experienced any type of security breach cited a virus infection as their worst of the year;
* Damage from virus incidents varied from less than a day’s disruption and no cost to major disruption to services for a month or more.

These findings are published in a fact sheet – ‘Viruses and malicious code’ – sponsored by security specialist Qualys.

Chris Potter, the PricewaterhouseCoopers partner leading the survey, said:

“Whilst almost every UK business has anti-virus software in place, the incidence of attack is rising. With new viruses like MyDoom and Netsky sweeping the world within hours of their release, software is only as good as its last update and increasingly companies have set their anti-virus software to automatically update itself immediately a new release is available. However, anti-virus software alone does not solve the problem – it’s vital to install the latest operating system security updates and patches as well. To check this, companies need effective monitoring and audit processes.”

Gerhard Eschelbeck, VP and CTO of Qualys, Inc., added:

“The sophistication of the latest generation of worms demands that business takes a much more proactive stance on security. Blended threats like Blaster wreak havoc by incorporating additional viruses and Trojans and side-stepping traditional software solutions. Scanning on-demand and on a regular basis is essential for organisations to protect themselves against today’s fast-moving threats. It ensures that their security solutions are up-to-date and effective”

Notes to editors

1. About the Survey

The 2004 DTI Information Security Breaches Survey is the most authoritative survey about this issue in the UK. It is part of the Department of Trade and Industry’s work with British industry to understand the impact of information security breaches. It aims to raise awareness among UK companies and public sector organisations of the value of effective information security management.

The survey was be conducted between October 2003 and January 2004 and is based on 1,000 telephone interviews with organisations of all sizes across all areas of the UK, plus a series of face to face interviews. A consortium led by PricewaterhouseCoopers is managing the 2004 survey. Other lead sponsors are Microsoft, Computer Associates and Entrust. Input has also come from the National Hi-tech Crime Unit, Royal Holloway, University of London, and the Information Assurance Advisory Council.

The full results of the seventh, biennial survey will be published at the InfoSecurity Europe exhibition and conference in London April 27-29.

The factsheet ‘Viruses and malicious code’ can be downloaded from www.security-survey.gov.uk, or
www.dti.gov.uk/industries/information_security

2. About Qualys

Qualys is the market-leading Web Service Provider offering on-demand Network Security Audits and Vulnerability Management. Qualys enables large and small organizations to manage security from an attacker’s perspective and fix real-world weaknesses before they are exploited. Qualys’ web services are used simultaneously by executives and technicians to measure security effectiveness, enforce security policy, and comply with regulations. Thousands of customers rely on Qualys, including AXA, BASF, Bosch-Siemens, Hewlett Packard, ICI, Sony, Standard Chartered Bank and The Thomson Corporation. Qualys is headquartered in Redwood Shores, California, with European headquarters in Slough, UK and additional offices in Munich and Paris

For up-to-date information with regard to the most critical and prevalent worms at any point in time, see www.qualys.com/RV10. The dynamic RV10 index is updated automatically and continuously from a statistically representative sample of thousands of networks. It is designed to help security administrators prioritise their efforts and help them focus on the most dangerous and prevalent worms before they can cause serious damage.

For more information about Qualys, please visit www.qualys.com.

3. About PricewaterhouseCoopers

PricewaterhouseCoopers (www.pwc.com/uk) provides industry-focused assurance, tax and advisory services for public and private clients. More than 120,000 people in 139 countries connect their thinking, experience and solutions to build public trust and enhance value for clients and their stakeholders. PricewaterhouseCoopers has one of the largest information security teams in the world; its specialists have extensive experience of investigating security breaches and in-depth knowledge of the techniques available to protect against and limit the damage from such breaches.

Unless otherwise indicated, PricewaterhouseCoopers refers to PricewaterhouseCoopers LLP a limited liability partnership incorporated in England. PricewaterhouseCoopers LLP is a member firm of PricewaterhouseCoopers International Limited.