Viruses cause most security breaches

The DTI has warned businesses that viruses and spyware are an increasing threat, and recommends they deploy multi-level protection

Viruses remain the biggest cyberthreat to businesses, according to a government report to be released soon, which will also warn that the threat of spyware is growing.

The Department of Trade and Industry (DTI) report into information security breaches found that approximately half of businesses said their worst security incidents over the past two years had been caused by virus infections, rather than other threats such as hacking or phishing.

The survey, which will be launched at Infosecurity Europe 2006 in London in April, showed that virus infections were also more likely to have caused serious service interruption than other incidents.

"Usually the disruption was minor, but roughly a quarter of companies questioned who reported a virus as their worst incident had major disruption, with important services such as email down for more than a day," the authors of the survey said in a statement.

The report found that the threat from spyware is also increasing. A quarter of UK businesses are not protected against the threat caused by spyware, said the report, while spyware caused one in seven of the security incidents reported.

"Of external threats, malicious software was the most significant, while the threat from spyware grew the most. Spyware was the hardest threat to detect, and the one UK businesses were least prepared for," Chris Potter, co-author of the report and partner at PricewaterhouseCoopers, told ZDNet UK.

Companies are relying too much on antivirus software, according to the report.

"It's clear that the old model of 'all I need is antivirus software on my email gateway' just doesn't cut it any more," said Potter. "Ninety-five to ninety-eight percent of businesses have antivirus software deployed, yet thirty-five percent have had virus infections in the past year."

Spyware was increasingly being used by organised criminals because it is more difficult to detect and easier to profit from, said Potter.

"Old style attacks just caused indiscriminate damage, like a plane dropping bombs. Now it tends to be a mass of guerrillas attacking organisations to take confidential information, which is much more subtle and insidious," said Potter.

Most malicious attacks involved the exploitation of weak patches, according to Potter, and most were targeted against machines running Microsoft software.

"It's clear that there are a huge number of Microsoft computers, and it's likely they are targeted more by virus writers because that will result in more infections," said Potter. "However Microsoft, through XP Service Pack 2, has made the patching process much easier. Most companies are now deploying patches within a week."

Companies could not just rely on antivirus software to prevent the threat of malware, said Potter, but needed to deploy a range of in-depth protection.

"Each discipline — updating antivirus software, installing patches, installing intrusion-prevention or intrusion-detection systems — each contributed to the likelihood of reducing infections, but none of them alone eliminated the risk. The implication is to have multi-level protection. If businesses have all three elements with a patch auditing process, that will stand you in good stead," said Potter.

The report also found that businesses need to educate their staff about computer infections and their symptoms.

"It's absolutely critical that people make sure they have antivirus software, but stuff is always going to slip through. Businesses need to educate their staff about malware, so people stay alert for the symptoms of infection like a slow machine," said Potter.

Potter said that Internet telephony and instant messaging (IM) are emerging as potential means of attack, although most threats still came through Web downloads, and worms and other Trojans spreading across networks by email.

"VoIP and IM certainly are new attack vectors. Virus writers expend most effort on established technology, but IM is a potential threat. Roughly 42 percent of UK businesses allow their employees to use IM through AOL, MSN, or Yahoo, while more than half of those have no controls over its use. This potentially opens companies to exploits further down the road, although we've seen none yet," said Potter.