Skip to navigation
   
Davey Winder's Blog
RSS

Malware numbers down but don’t celebrate just yet

By Davey Winder in Editorial

Posted in Data Protection, Blog, Security on April 15, 2008 at 10:19 pm

Permalink | Author Profile

That would appear to be the conclusion of a new survey carried out on behalf of the Department for Business, Enterprise and Regulatory Reform, the early results of which have been released today. Although we will have to wait until next week for the full survey to be revealed at InfoSecurity Europe, the results seem both encouraging and worrying at the same time.

The 2008 Information Security Breaches Survey suggests that the number of UK companies reporting malware infection is actually down by as much as 60% when compared to just 24 months ago. This can be, fair enough, partly accounted for by improved anti-virus controls but at the same time we are told that two-thirds of the companies affected said that malware was responsible for their worst information security breaches.

One thing is clear, and that is the nature of the malware threat is certainly changing. The people writing the malware itself are increasingly sophisticated in their methods, especially when it comes to concealing their activities.

Still, on the happy happy side of the fence the survey does appear to be suggesting that malware is causing less damage than in the past, much less damage. The early figures that have been leaked out have a mere 14% of UK companies reporting a malware infection last year. That’s down from 35% two years ago, and it would appear that there are three main reasons for this:

  1. Corporate anti-virus defences have significantly improved with 95% of companies scanning incoming emails for viruses and 98% having software installed to scan for spyware.
  2. Most minor infections are no longer considered security breaches but as ‘events’ dealt with by routine controls.
  3. Malware itself is now just the first stage in enabling more lucrative attacks by hackers rather than infection being an end in itself. Which means it tries harder to remain undetected.

And on the not so happy side? Well, we are warned that despite the lower levels of infection, it’s a mistake to assume the malware threat is over. Chris Potter, a partner with PricewaterhouseCoopers LLP, who led the survey commented: “If there is one area of security where UK plc has really got the message, it’s virus protection. Only a tiny minority of companies don’t take this area seriously. The message from this survey is clear - if you haven’t got anti-virus and anti-spyware software, you’re way outside the benchmark. But, there remain some serious challenges. Companies now seem to be slower to install operating system patches than they were in 2006. Delaying patches can leave systems vulnerable to attack. On the other hand, rolling out patches instantly, without testing them first, can lead to systems instability. It’s important that companies strike the right balance here - risk assessment is essential.” While Dr. Guy Bunker, Chief Scientist at Symantec Corporation, one of the consortium members responsible for the survey, added: “While the results of the survey are encouraging, it’s clear that the battle between malware writers and companies continues unabated. Our recent research shows that there are over a thousand new malicious threats appearing each day. The battle is still on, it’s just changed from being obvious and high-profile to silent and obscure but is just as lethal. The motivation of malware writers has changed. Law enforcement in this area has improved around the world. As a result, the kudos derived from writing a disruptive worm to gain notoriety is outweighed by the personal consequences. Motivated by the money involved, organised crime is employing malware writers to write ’stealthy’ code that seeks to obtain confidential information or open security holes which can be exploited for financial gain.”

12345
Rated: 100% (1 votes)
Loading ... Loading ...

Previous Post | Next Post

 
 
Comments
This article has no comments yet.

Make a comment

* required

* required

We stop spam using reCaptcha.
Type the words below and click Submit Comment.

   
Tag cloud

network trust Health second life SSL SMS patch management Funny FBI Facebook banks exploit NASA linkedin iPhone 3G global Energy Microsoft Bill Gates ISPA virtual world Rumour fun Zango Microchip Vista politics productivity Battery ID Theft statistics Performance computing Yahoo green remote xmas symantec chips USA sick Space Texas Instruments Google Internet phishing hypervisor museum science e-commerce MiniBook Noro Olympics Finjan IP economics Ballmer Programming staffing money rootkits Kill Switch ASUS digitise printing Mars hardware social networking payments data home terrorism archiving crime Video carbon copy stupid worm Deal Obama ecommerce Jesus Phone Web Development mobile Digg Supercomputer MSN remote working Blogging adware help Eee Big Brother web 2.0 email Government debian hubdub betting DNS Apple Linux malware news fraud Research hacker library MessageLabs computing Project Death theft OS Top 500 XP technology holidays iPhone development work VPN copyright report Firefox Paris Hilton spam environment avatar Texting Flash Business black hat web hacking OCR Software scan China Eee PC documentation Trojan data protection gaming Lotus Twitter dumb botnet Gartner HPC fool man-in-the-middle Mobile Phone Windows 7 graphics BSI surveys InfoSec AMD size banking open source The Federation payment server office IDC computer teleworking compromise world of warcraft stupidity prison migration search workplace Hack students privacy Windows worker books Steve Jobs Rant Adobe Silverlight Application MSNBC christmas biometrics Russia universe VM NBC virtual machine CAPTCHA virus shopping security credit card fraud tech scareware IBM code survey broadband standards storage policy scam outsourcing millions BOFH service transactional security
Advertisement

   
Archives

   
Most commented posts

   
Highest Rated Blog Posts

Advertisement
Advertisement