Malware infections down 60% at UK firms

By Ron Condon, UK bureau chief 15 Apr 2008 | SearchSecurity.co.uk

Digg This!     StumbleUpon     Del.icio.us

The fall in malware infection is probably the most cheering news to come out of the 2008 Information Security Breaches Survey, which will be officially published next week at the Infosecurity show in London. The survey, carried out every two years by PWC and the DTI (now known as the Department for Business, Enterprise & Regulatory Reform, or BERR), provides the most accurate barometer of the state of information security in British business.

The research found that nearly every company now has anti-virus software, and 95% scan incoming emails for viruses. Around 98% have software to scan for spyware, up from 75% two years ago. Only 14% of UK companies reported a malware infection last year, down from 35% two years before. Even among very large businesses, fewer than half reported an infection last year.

However, those companies that did suffer an infection appeared to feel the effects more acutely. Two-thirds of them said the malware infection had been their worst security incident of any kind during the year, and malware infections were especially damaging in the telecommunications industry.

Chris Potter, a partner at PWC who led the survey, said that although basic anti-virus and anti-spyware defences were much improved, the survey showed that companies were treating system patching less urgently.

British business also seems to have made big strides in the areas of business continuity and disaster recovery, the survey found, with 99% claiming to backup their critical systems and data and 86% doing it on a daily basis.

Business recovery plans were in place at 72% of all companies (up from 58% two years ago), and at 91% of large companies. Off-site backups occurred at 85% of all companies (up from 76% two years ago) and at 91% of large companies.

DR testing a problem

While that was encouraging, half the business recovery plans were never tested, and 10% of those with a plan did not store data off-site.

But as the survey will also demonstrate, most security breaches arise from more mundane causes. The fact was graphically illustrated this week by a BBC investigation which revealed that 13 London councils had lost personal information about members of the public during the last year. The details showed, however, that the examples of poor security had more to do with the drinking habits of council workers than with the exploits of devious hackers.

In one instance, sensitive information about children in care was stolen when a youth worker took files into a bar. In another case, a paper notebook containing the names and addresses of 12 young people in care was stolen from a Kensington & Chelsea Council youth worker while he was in a pub after work.

However, email and USB sticks still provide the potential for large amounts of data to go missing, and the results of another survey by LogLogic show that employees will always find a way to take data home with them, whether they are allowed to or not.

The survey revealed that 42 per cent of adults in the UK had taken data out of the workplace to work on at home, and of these, almost half (45 per cent) said the data was classed as being company confidential.

Fewer than half of the respondents (43 per cent) said their bosses knew when information was being removed and taken home, and 14 per cent of those questioned said they accessed data which was not directly related to their job.

E-mail (29%) and USB memory sticks (27%) were the most popular method of removing data from the workplace. Hard copy printouts accounted for 22%, while 14% was transferred on CD, and 9% was transferred from a work laptop to home PC.

Even after finishing working with the information, 20% admitted they still had the data at home, 6% threw it away without destroying it, and 2 per cent admitted they had no idea what happened to it.

Tags: Threat and Vulnerability Management,  Secure User Authentication and Authorization,  Platform and OS Security Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Threat and Vulnerability Management Zeus botnet temporarily disrupted, but back in full force Considering two-factor authentication? Do cost, risk analysis Clientless SSL VPN vulnerability and Web browser protection Microsoft's Charney details new botnet protection, IdM technology at RSA Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Cloud security issues, targeted attacks to be hot-button topics at RSA Zeus Trojan continues reign infecting 74,000 PCs in global botnet How to use Google Webmaster tools to help protect your site New Community Security Policy aims to reduce computer misuse The value of booting from a VHD in Windows 7 Secure User Authentication and Authorization Preventing password fatigue with single sign-on (SSO) authentication Gridsure finds global deal for its pattern-based authentication Physical security threats: Don't gift your data away Using unique device identification for bank website security Yahoo login credentials at risk to hijacking attack Single sign-on system removes password chaos at East Kent NHS Trust Tokenless two-factor authentication helps council with CoCo compliance Risk-based multifactor authentication implementation best practices Chip and PIN adoption serves lesson for U.S. payment industry Group to shed light on secure identity management threats Platform and OS Security Management Microsoft issues advisory on new IE security vulnerability Microsoft patches SMB flaws, Hyper-V problem in big update Microsoft blue screen affecting few corporate PCs Microsoft to fix 26 flaws in Windows, Office Thin-client technologies surge thanks to easier security, says Deloitte Microsoft issues critical security update, blocks IE 6 attacks How to use Windows XP Mode in Windows 7 Microsoft to patch single Windows 2000 vulnerability How to prevent memory dump attacks Microsoft gives Internet Explorer a major security overhaul

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Centre for the Protection of National Infrastructure  (SearchSecurityUK.com) Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary