Viruses and DoS attacks hitting half of businesses: DTI

Half of UK businesses fell victim to either a virus or distributed denial of service (DDoS) attack in the past year, a 25 per cent increase on the year before, according to latest research carried out on behalf of the Department of Trade and Industry.

The DTI's biennial Information Security Breaches Survey was conducted by a consortium of companies including PricewaterhouseCoopers. The figures were compiled from around 1,000 telephone interviews and the full results will be published during the InfoSecurity Europe conference in London on 27 April.

Although most companies protect themselves against virus attacks, a significant proportion still do not use an antivirus product. According to the survey, 93 per cent of smaller companies and 99 per cent of large companies use antivirus software, which means around one in 14 small companies and one in 100 large firms have no specialist protection against viruses.

Exactly half the overall respondents admitted suffering from a virus infection or DDoS attack over the past year. The MSBlast worm was blamed for a third of all infections in small firms and half of all infections in larger companies.

Firms reported that following an attack their services were "disrupted" for anywhere between half a day and a month.

In a statement released on Tuesday, Chris Potter, a PricewaterhouseCoopers partner, said that although most UK businesses have antivirus software, the number of successful attacks is rising.

"With new viruses like MyDoom and Netsky sweeping the world within hours of their release, software is only as good as its last update and increasingly companies have set their antivirus software to automatically update itself immediately a new release is available. However, antivirus software alone does not solve the problem - it's vital to install the latest operating system security updates and patches as well," Potter said.

Nick Ray, chief executive of security software company Prevx, said that the fact so many companies with antivirus protection were still being infected is evidence that the signature-based antivirus model is not working: "Signature-based systems just can't keep up at the rate these attacks propagate. The antivirus model relies on people being infected by a virus for vendors to know about it; only then can they analyse the virus and produce a signature," he said.

Last week, the UK's National Hi-Tech Crime Unit (NHTCU) published a survey on e-crimes that said 83 percent of companies fell victim to some kind of high-tech crime during 2003. The organisation estimates that these crimes cost companies more than £195m, with three financial institutions claiming to have lost around £20m each.

Although the NHTCU didn't produce a precise figure for the overall cost of high-tech crime to the UK, it was confident that the bill ran into billions of pounds.

ZDNet's Graeme Wearden contributed to this report

Munir Kotadia writes for ZDNet UK