ICSA Survey: Malicious Code On The Rise


Computer viruses continue to plague corporate networks at an increasing rate, according to a new survey released Monday.

The survey is the seventh annual virus prevalence study by ICSA Labs, a security research and product certification division of TruSecure, a managed security firm based here.

The survey collected data from 300 companies and government agencies with more than 500 PCs and two or more LANs.

Respondents reported 1.9 million encounters with viruses on 666,327 machines between January 2000 and August 2001. For each year of the survey, infection rates have increased approximately 20 encounters per month per 1,000 PCs, according to ICSA.

The survey also reflected the high cost of malicious code. It found that the average company spends between $100,000 and $1 million per year on damage to desktops caused by viruses. Lost productivity makes up for the bulk of the damage, but file corruption and data loss are becoming more common, ICSA said.

However, the survey also indicated that companies are doing more to protect their networks. Eighty-four percent of the respondents said all of their e-mail servers are protected by antivirus software and 69 percent block or filter files at the e-mail gateway to catch malicious code.

"It looks like this year for the first time that there's been a good upswing in the number of companies that are now filtering their e-mail for these executable attachments," said Larry Bridwell, content security programs manager at ICSA Labs.

Organizations need to do more than install security products to combat viruses, he said.

"Companies are spending more time and money and we're still having a serious problem," Bridwell said.

Corporations need to create policies that take a broad approach to the problem, including high-quality antivirus on desktops, servers and e-mail gateways, as well as keeping up with software patches and enforcing the security policies, he said.

"You need that defense, in-depth," he said.

Networks Associates, Symantec, Panda Software and Gantz-Wiley Research sponsored the survey.