ICSA Labs conducts the Virus Prevalence Survey to measure the frequency and impact of computer viruses and malicious code in medium to large-size organizations. The survey queries 300 companies and government agencies worldwide, gathering data on computer virus problems, the rate and methods in which encounters become actual infections, and the costs and downtime associated with the organization remedying the viruses and restoring full business operations. The survey was sponsored by Grisoft Software, McAfee, Inc., Microsoft, Sophos, Trend Micro, Virus Bulletin, Eset, Fortinet and MIS Training Institute.
Key trends highlighted in the 2004 survey include:
'¢ Virus encounters increased by nearly 50% from 2003, with a rate of 392 encounters per 1,000 machines per month. The amount of actual infections also increased, represented by a rate of 116 infections per month.
'¢ The number of virus disasters (an incident where 25 or more PCs or servers are infected at the same time by the same virus causing significant damage or monetary loss to the organization) was up 12% from the previous year. Of the 300 respondents, 112 reported a virus disaster, over the 92 reported in 2003.
'¢ Perhaps of more significance was an increase in recovery time and costs associated with these disasters. Recovery time rose to seven person-days and self-reported costs were estimated to be US$130,000, both significant increases of over 25% from 2003.
'¢ Malicious code is a growing problem, with 91% of respondents indicating they believe malicious code is 'somewhat worse or much worse' than in 2003. Of note: Zero respondents felt that the problem was better than last year.
'This survey shows that the malicious code problem worsened, even though 2004 was a year where there were no major worm events, such as Blaster, Sobig, Nachi triumvirate in August of 2003,' said Dr. Peter Tippett, chief technology officer at Cybertrust. 'While we may be making some progress in reducing the number of virus encounters that become virus infections, the sharp increase in the sheer number of attacks means that the affect on businesses continues to escalate. With ten years of data in hand, we can say with confidence that typical, product-oriented defensive or reactive measures are not enough to stand up to this escalation. Companies must take proactive steps to protect their information assets through intelligent practices and policies, as it is clear that increased spending on defensive technologies alone consistently fail to stem the tide.'
Studies have shown that organizations can reduce their risk of malicious code exploits by over 90% by applying tested security practices and implementing security control policies that deliver documented results, without negatively impacting the user experience. Most noteworthy is that these organizations can realize these improvements while using the same basic defensive technologies - anti-virus software, firewalls - as other similar organizations. Examples of these controls include protections such as personnel policies, practices and training, file attachment filtering; specific router configurations, email clients, email servers, web browsers, and business applications such as word processors and spreadsheets.
'Ten years of compelling data clearly indicates the virus problem shows no sign of abating, and the affect of malicious code in the terms of real impact on business continues to rise,' said Larry Bridwell, content security programs manager at ICSA Labs and author of the survey. 'All indications are that this trend will continue, as organizations continue to extend themselves beyond the traditional enterprise, creating new entry points into their networks and information assets that can in turn be exploited as points of attack for malicious code. Real progress will be made when companies rely less on defensive technologies and more on proactive security polices and practices.'
