Half of UK businesses fell victim to either a virus or distributed denial of service (DDoS) attack in the past year, a 25 percent increase on the year before, according to latest research carried out on behalf of the Department of Trade and Industry.
The DTI's biennial Information Security Breaches Survey was conducted by a consortium of companies including PricewaterhouseCoopers. The figures were compiled from around 1,000 telephone interviews and the full results will be published during the InfoSecurity Europe conference in London on 27 April.
Although most companies protect themselves against virus attacks, a significant proportion still do not use an antivirus product. According to the survey, 93 percent of smaller companies and 99 percent of large companies use antivirus software, which means around one in 14 small companies and one in 100 large firms have no specialist protection against viruses.
Exactly half the overall respondents admitted suffering from a virus infection or DDoS attack over the past year. The MSBlast worm was blamed for a third of all infections in small firms and half of all infections in larger companies.
Firms reported that following an attack their services were "disrupted" for anywhere between half a day and a month.
In a statement released on Tuesday, Chris Potter, a PricewaterhouseCoopers partner, said that although most UK businesses have antivirus software, the number of successful attacks is rising.
"With new viruses like MyDoom and Netsky sweeping the world within hours of their release, software is only as good as its last update and increasingly companies have set their antivirus software to automatically update itself immediately a new release is available. However, antivirus software alone does not solve the problem -- it's vital to install the latest operating system security updates and patches as well," Potter said.
Nick Ray, chief executive of security software company Prevx, told ZDNet UK that the fact so many companies with antivirus protection were still being infected is evidence that the signature-based antivirus model is not working: "Signature-based systems just can't keep up at the rate these attacks propagate. The antivirus model relies on people being infected by a virus for vendors to know about it; only then can they analyse the virus and produce a signature," he said.
Prevx has developed a security product, similar to Cisco's Security Agent technology, which looks for suspicious application behaviour rather than a program that is described by a particular virus signature.
"At the very best position, antivirus vendors assume that some people are going to get infected and they hope that population is small enough so the majority of their customers will get protected. Even if you update your signatures twice a day, they are not going to cope with the rate that new attacks spread," said Ray.
Last week, the UK's National Hi-Tech Crime Unit (NHTCU) published a survey on e-crimes that said 83 percent of companies fell victim to some kind of high-tech crime during 2003. The organisation estimates that these crimes cost companies more than £195m, with three financial institutions claiming to have lost around £20m each.
Although the NHTCU didn't produce a precise figure for the overall cost of high-tech crime to the UK, it was confident that the bill ran into billions of pounds.
Graeme Wearden contributed to this report
Talkback
Commenting on this survey, Mike Fenton, director at Network Box UK said:
"This survey shows that conventional anti-virus software is not providing the protection that UK companies need. This is because effective protection requires around the clock monitoring and updating which can be both difficult and prohibitively expensive for a organisation to achieve on its own. In this environment, businesses should consider remotely-managed Internet security protection, which automatically blocks new viruses the moment a signature is released rather than when clients poll for updates." -- Mike Fenton, director, Network Box UK.
Remotely-managed appliances such as the Network Box can overcome the problem of updating virus protection. For example, with Bugbear in June 2003, Network Box blocked the virus heuristically before any anti-virus companies had signatures, and then once it was fully isolated (3 1/2 hours later), signatures were written, tested, and all Network Box customers globally updated within 30 minutes.