CIO Jury: Viruses still a major security threat

Computer viruses still pose a major threat to corporate networks despite the lack of a major outbreak for two years, according to leading UK IT chiefs.

The last serious mass-mailing virus attacks to hit both home PC users and businesses were Sasser, Bagle and MyDoom in 2004.

But three-quarters of silicon.com's 12-strong CIO Jury IT user panel said viruses are still a big security danger for enterprise networks.

Dr Ben Booth, global CTO at pollsters Ipsos, said: "If the threat appears reduced it is because we are much better at stopping them - they are still a considerable danger."

While the days of the mass-mailer worm like Sasser may be over, the virus and Trojan Horse threats are becoming more intelligent and subtle, according to Ian Auger, head of IT and communications at ITN.

He said: "The systems for detecting and in some cases pre-empting them have improved massively but the virus technologies have also developed."

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

Peter Ryder, head of ICT at Preston City Council, added that the risk remains because of the proliferation of portable storage devices that can easily connect to a PC and the network.

Part of the reason for fewer mass virus outbreaks is more secure software, following initiatives such as Microsoft's Trustworthy Computing.

Peter Birley, IT director at Browne Jacobson, said: "Although we haven't had a major attack for a while I don't think we can be complacent. I believe that generally defences are better than they were and that the software suppliers are more aware of the threat before they release new versions but the risk remains and we should work on that principal and continue to bolster the defences."

But mass-mailing malware has been replaced by a much worse threat, according to Christopher Linfoot, IT director, LDV Group.

He said: "Malware attacks now are often on a much smaller scale and appear to be targeted at specific organisations or individuals. The combination of sufficient minor repackaging of an existing exploit, so that it passes antivirus unnoticed, with social engineering hooks to lure the unwary can still provide a workable attack vector."

Today's CIO Jury was...

Ian Auger, head of IT and communications, ITN
Mark Beattie, head of IT, LondonWaste
Alastair Behenna, CIO, Harvey Nash
Peter Birley, IT director, Browne Jacobson
Dr Ben Booth, global CTO, Ipsos
Steve Clarke, head of internal computing, AOL UK
Nic Evans, European IT director, Key Equipment Finance
Paul Haley, IT director, University of Aberdeen
Adrian Hughes, head of IS, Amlin
Christopher Linfoot, IT director, LDV Group
Peter Ryder, head of ICT, Preston City Council
Phil Young, head of IT and operations, Amtrak Express Parcels

Want to be part of silicon.com's CIO Jury and have your say on the hot issues for IT departments? If you are a CIO, CTO, IT director or equivalent at a large or small company in the private or public sector and you want to be part of silicon.com's CIO Jury pool, or you know an IT chief who should be, then drop us a line at editorial@silicon.com