Malware infections down 60% at UK firms

By Ron Condon, UK bureau chief 15 Apr 2008 | SearchSecurity.co.uk

Digg This!     StumbleUpon     Del.icio.us

The fall in malware infection is probably the most cheering news to come out of the 2008 Information Security Breaches Survey, which will be officially published next week at the Infosecurity show in London. The survey, carried out every two years by PWC and the DTI (now known as the Department for Business, Enterprise & Regulatory Reform, or BERR), provides the most accurate barometer of the state of information security in British business.

The research found that nearly every company now has anti-virus software, and 95% scan incoming emails for viruses. Around 98% have software to scan for spyware, up from 75% two years ago. Only 14% of UK companies reported a malware infection last year, down from 35% two years before. Even among very large businesses, fewer than half reported an infection last year.

However, those companies that did suffer an infection appeared to feel the effects more acutely. Two-thirds of them said the malware infection had been their worst security incident of any kind during the year, and malware infections were especially damaging in the telecommunications industry.

Chris Potter, a partner at PWC who led the survey, said that although basic anti-virus and anti-spyware defences were much improved, the survey showed that companies were treating system patching less urgently.

British business also seems to have made big strides in the areas of business continuity and disaster recovery, the survey found, with 99% claiming to backup their critical systems and data and 86% doing it on a daily basis.

Business recovery plans were in place at 72% of all companies (up from 58% two years ago), and at 91% of large companies. Off-site backups occurred at 85% of all companies (up from 76% two years ago) and at 91% of large companies.

DR testing a problem

While that was encouraging, half the business recovery plans were never tested, and 10% of those with a plan did not store data off-site.

But as the survey will also demonstrate, most security breaches arise from more mundane causes. The fact was graphically illustrated this week by a BBC investigation which revealed that 13 London councils had lost personal information about members of the public during the last year. The details showed, however, that the examples of poor security had more to do with the drinking habits of council workers than with the exploits of devious hackers.

In one instance, sensitive information about children in care was stolen when a youth worker took files into a bar. In another case, a paper notebook containing the names and addresses of 12 young people in care was stolen from a Kensington & Chelsea Council youth worker while he was in a pub after work.

However, email and USB sticks still provide the potential for large amounts of data to go missing, and the results of another survey by LogLogic show that employees will always find a way to take data home with them, whether they are allowed to or not.

The survey revealed that 42 per cent of adults in the UK had taken data out of the workplace to work on at home, and of these, almost half (45 per cent) said the data was classed as being company confidential.

Fewer than half of the respondents (43 per cent) said their bosses knew when information was being removed and taken home, and 14 per cent of those questioned said they accessed data which was not directly related to their job.

E-mail (29%) and USB memory sticks (27%) were the most popular method of removing data from the workplace. Hard copy printouts accounted for 22%, while 14% was transferred on CD, and 9% was transferred from a work laptop to home PC.

Even after finishing working with the information, 20% admitted they still had the data at home, 6% threw it away without destroying it, and 2 per cent admitted they had no idea what happened to it.

Tags: Threat and Vulnerability Management,  Secure User Authentication and Authorization,  Platform and OS Security Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Threat and Vulnerability Management Web application firewall's value depends on what the effort you put in Firewall rule management best practices Cybercrime attacks, IT outsourcing, mobile malware top ISF threat list Buying botnets: Underground network marks ominous 'milestone' Gartner sees better days ahead for security budgets How to secure the Border Gateway Protocol Coping with top security in a world of deperimeterization Computer misuse cases: Get there before the bad guys IT overhaul results in cheaper, better endpoint security management 2009 Royal Holloway University of London MSc thesis series Secure User Authentication and Authorization 2009 Royal Holloway University of London MSc thesis series How effective are password hack tools? Understand the differences in network access control solutions Best practices for a privileged access policy to secure user accounts 3ami allows employers to track use of USB storage devices Stolen FTP credentials likely in massive website attacks Best practices: How to implement and maintain enterprise user roles Social hacking: The easy way to breach network security Gartner: How to succeed at identity and access management Security book chapter: The Truth About Identity Theft Platform and OS Security Management Microsoft patches WebDAV security vulnerability in bevy of updates RSA council addresses growing security risks in the cloud Adobe shifts to Microsoft patching process, incident response plan Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft patches serious Excel zero-day, Windows flaws System management appliance improves school's software deployment Government offers £6m to fund complex network security infrastructure Are Windows Vista security features up to par? Windows security: Remote Desktop, hosts file and keyboard lock down Debian: A niche OS with a not-so-niche security flaw

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Centre for the Protection of National Infrastructure  (SearchSecurityUK.com) Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary