Online Security, a global provider of computer forensics and information technology risk mitigation since 1997   Original Source:    http://www.sltrib.com/2004/Mar/03152004/business/business.asp Computer-related security breaches are on the rise Author:  Kathy Gurchiek A computer virus cost Arosnet Internet Services between $5,000 and $8,000 in lost time this year when a client's computer infected its network. The Salt Lake City company is not alone. More than 137,500 computer-related security incidents were reported nationwide in 2003, the highest number since 1999 and nearly three times as many as 2001, when 52,658 incidents were reported, according to Computer Economics Inc. (CEI) in California. "It can knock you out of business for a week," said Alan Paller, director of research at Sans Institute in Washington, D.C., a training organization for computer security. In 2003, the SoBig.F virus had a worldwide financial impact of $2.5 billion. The cost of the MyDoom virus, which hit in January, will exceed $4 billion, according to CEI's projections. The company includes calculations of lost business and productivity in its estimates. John Pescatore, Gartner Inc. vice president for Internet security, thinks those numbers are inflated, but agrees cleanup and recovery are expensive, costing employers about $100 per PC. Even if the impact is only time lost, "it's time you could spend doing something else and being productive," said Craig Bitter of Arosnet, whose clients include the Salt Lake Chamber. A virus isn't always easy to detect. Messages in recent viruses hinted at catching recipients at an illegal activity such as downloading music, Paller said. Scared, the recipient is prompted to open the attachment and unleashes the virus. MyDoom appeared to originate with friends and had subject lines such as "test." It harvested e-mail addresses from the affected PC, caused the computer to spew spam and opened a back door for hackers to enter later. Netsky, which hit in early February, copied itself to an infected computer's hard drive so it could be shared over a corporate network or a peer-to-peer file sharing program. Companies still get spam sent from MyDoom-infected PCs because even though most antivirus vendors have released repairs, many people have not updated their software. The best bet for businesses is to get a managed e-mail security service, said Andrew Lochart of the e-mail security company Postini. Protection, such as antivirus programs that buy time to stop the problem, comes at a cost. Firewalls to block hackers and filters to block spam start in the hundreds of dollars and easily climb into thousands of dollars for licensing. The Network VirusWall 1200, for example, costs $5,995 per unit and the accompanying software is $30 per seat for 500 users. Antivirus company Trend Micro Inc. is introducing a scanner appliance next month that blocks worms at the network level before they appear at employees' computers, but once a computer is infected, currently the only cure is a network patch from Microsoft. Paller said the onus of protection should not be on the consumer, but the software providers. "The firewalls help the small subset of people who know how to turn [them] on," he said. "It's like telling [car owners] to go buy themselves air bags and install them in their cars" if they want protection.