Online Security, a global provider of computer forensics and information technology risk mitigation since 1997
Original Source: http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=54403
Larger companies take more than their fair share of virus damage
Author: Matt Whipp
Half of UK businesses suffered from virus infections according to a new survey from the DTI.
Preliminary results from the biennial Information Security Breaches Survey show that last August's Blaster worm was the biggest headache in 2003, particularly for large companies for which the worm was the culprit in more than half of infections.
In fact big business suffered unduly - of all companies one would expect the big players to take security the most seriously, with the latest in antivirus software and system security. The results show that of the large companies surveyed 99 per cent used AV software - perhaps a worryingly low figure.
Even so, 11 per cent more received infected mail (83 per cent) than the average, and 68 per cent of large companies were infected compared with the 50 per cent average.
Chris Potter, the PricewaterhouseCoopers partner leading the survey, said: 'The main reason why big businesses suffered more is that despite having plenty of antivirus controls, their inherent nature means there are lots of potential entry points - every employee with email access and every unpatched PC.
'The second reason is due to the changing nature of viruses. A few years ago most viruses were email mailers - easily scanned out at the email gateway. Post-Nimda, however, viruses have become more sophisticated and have inherited the capabilities of hackers. Once they have infected a computer they will probe the network for other vulnerabilities. And large businesses tend to have strong perimeter defences, but inside the network they are much less strong. And with thousands of computers to take care of, just how do you keep them up to date? We're now seeing a trend towards automated patching and monitoring to check that computers on the network stay up to date.'
He said that the most common victims of virus infection were operating in the retail and property markets - companies characterised by having lots of offices in different locations. This makes patch management and virus updates more difficult to manage centrally, while 'shop floor' staff don't consider security their problem - a downside for every large company. Furthermore, these companies are very much customer-facing - their many customers expect to be able to contact them via email.
With more email accounts and traffic to take care of, big business is particularly vulnerable to fast-spreading worms like last year's Blaster and the MyDooms and NetSkys of 2004. These mass-mailing worms, which rely on human interaction to execute attachments, took off not just because of the clever social engineering of the message texts, but also because antivirus vendors need several hours to release an IDE file that will recognise the virus.
Natasha Staley, Information Security Analyst at MessageLabs, a UK company that scans company email for viruses before it hits the email gateway, told us: 'As the DTI survey shows, despite the vast majority of businesses using anti-virus software a worrying number are still suffering from virus infections. The statistics speak for themselves - traditional anti-virus measures aren't working. The majority of anti-virus products... cannot counter the sheer speed with which viruses now spread. Signature-based scanning is always going to be playing catch-up because a virus actually has to be released before vendors can produce a fix. It is because of this that an increasing number of companies are using a proactive scanning service at the internet level capable of intercepting known and unknown viruses.'
Potter added: 'Whilst almost every UK business has anti-virus software in place, the incidence of attack is rising. With new viruses like MyDoom and Netsky sweeping the world within hours of their release, software is only as good as its last update and increasingly companies have set their anti-virus software to automatically update itself immediately a new release is available. However, anti-virus software alone does not solve the problem - it's vital to install the latest operating system security updates and patches as well. To check this, companies need effective monitoring and audit processes.'
The survey found that damage from infections could vary from less than a day's disruption to months of downtime.
The full results of the survey will be announced at the InfoSecurity Europe exhibition in London next month.