Home > Information Security News > Malware infections down 60% at UK firms
Information Security News:
EMAIL THIS LICENSING & REPRINTS

Malware infections down 60% at UK firms

By Ron Condon, UK bureau chief
15 Apr 2008 | SearchSecurity.co.uk

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

The anti-virus message is finally getting through to British companies with the level of infection by malware down by 60% compared to two years ago. But security could still be undermined by ineffective business continuity plans, and the bad habits of careless employees.

The fall in malware infection is probably the most cheering news to come out of the 2008 Information Security Breaches Survey, which will be officially published next week at the Infosecurity show in London. The survey, carried out every two years by PWC and the DTI (now known as the Department for Business, Enterprise & Regulatory Reform, or BERR), provides the most accurate barometer of the state of information security in British business.

The research found that nearly every company now has anti-virus software, and 95% scan incoming emails for viruses. Around 98% have software to scan for spyware, up from 75% two years ago. Only 14% of UK companies reported a malware infection last year, down from 35% two years before. Even among very large businesses, fewer than half reported an infection last year.

However, those companies that did suffer an infection appeared to feel the effects more acutely. Two-thirds of them said the malware infection had been their worst security incident of any kind during the year, and malware infections were especially damaging in the telecommunications industry.

Chris Potter, a partner at PWC who led the survey, said that although basic anti-virus and anti-spyware defences were much improved, the survey showed that companies were treating system patching less urgently.

British business also seems to have made big strides in the areas of business continuity and disaster recovery, the survey found, with 99% claiming to backup their critical systems and data and 86% doing it on a daily basis.

Business recovery plans were in place at 72% of all companies (up from 58% two years ago), and at 91% of large companies. Off-site backups occurred at 85% of all companies (up from 76% two years ago) and at 91% of large companies.

DR testing a problem

While that was encouraging, half the business recovery plans were never tested, and 10% of those with a plan did not store data off-site.

But as the survey will also demonstrate, most security breaches arise from more mundane causes. The fact was graphically illustrated this week by a BBC investigation which revealed that 13 London councils had lost personal information about members of the public during the last year. The details showed, however, that the examples of poor security had more to do with the drinking habits of council workers than with the exploits of devious hackers.

In one instance, sensitive information about children in care was stolen when a youth worker took files into a bar. In another case, a paper notebook containing the names and addresses of 12 young people in care was stolen from a Kensington & Chelsea Council youth worker while he was in a pub after work.

However, email and USB sticks still provide the potential for large amounts of data to go missing, and the results of another survey by LogLogic show that employees will always find a way to take data home with them, whether they are allowed to or not.

The survey revealed that 42 per cent of adults in the UK had taken data out of the workplace to work on at home, and of these, almost half (45 per cent) said the data was classed as being company confidential.

Fewer than half of the respondents (43 per cent) said their bosses knew when information was being removed and taken home, and 14 per cent of those questioned said they accessed data which was not directly related to their job.

E-mail (29%) and USB memory sticks (27%) were the most popular method of removing data from the workplace. Hard copy printouts accounted for 22%, while 14% was transferred on CD, and 9% was transferred from a work laptop to home PC.

Even after finishing working with the information, 20% admitted they still had the data at home, 6% threw it away without destroying it, and 2 per cent admitted they had no idea what happened to it.



Tags: Threat ManagementAuthentication and AuthorizationPlatform Security SolutionsVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts