Virus Defenses Reach The Tipping PointVirus Defenses Reach The Tipping Point

In the past year, companies have gained an edge in the war against viruses and other network infiltrators. Yet it's unclear whether the credit should go to network administrators for liberally deploying and faithfully updating antivirus software, to antivirus vendors for being vigilant, or to virus authors for a lack of creativity.

Of the 3,478 U.S. sites in information Research's 2002 Global Information Security Survey, fielded by PricewaterhouseCoopers, two-thirds say they download virus-scanner updates automatically. While 82% of respondents at U.S. sites say they're using antivirus software to protect their systems, one can only surmise that the remaining 18% are volunteering to be real-world test labs for attacks.

Companies that use antivirus software are wisely deploying it throughout their operations, including E-mail gateways, desktops, and servers. What's surprising is that while 85% of companies with revenue of less than $50 million and 84% of businesses with annual revenue of $500 million or more use antivirus software, only 79% of midsize companies do.

Some industries' reliance on antivirus software isn't as pervasive as might be expected. Of the 224 U.S. banking sites surveyed, only 79% report using antivirus software, while just 87% of the study's 170 health-care companies depend on antivirus software.

All this doesn't mean the war against virus-related data destruction is over. The trend during the past few years has been for viruses to spread more swiftly. The I Love You virus took about a day to attain full strength in May 2000. Last summer's Code Red worm took about 90 minutes. When Nimda struck in September, it reached its saturation point in about the time it takes to watch a sitcom. This could have serious implications for the quarter of respondents with IT shops that update their antivirus signatures only in reaction to a virus event or notice.

Globally, research company Computer Economics estimates damages related to hostile-code attacks at $13.2 billion last year, a decline of $4.1 billion when compared with losses two years ago.

How will your company resist virus threats and hostile code attacks? Let us know your plans at the address below.

George V. Hulme
Senior Editor
[email protected]

Containment Counts
Antivirus updates don't usually cause system problems, but it has been known to happen. Companies seem more intent on containing virus threats than ensuring the welfare of their IT infrastructure. Only 28% of U.S. sites in information Research's 2002 Global Information Security Survey test virus updates before implementing them. Half have made containing virus threats or hostile code attacks a tactical security priority for the next 12 months. Businesses seem equally intent on achieving this task, whatever their size. Approximately half of the study's companies, whether small, midsize, or large, have an eye on the future and have made the suppression of virus and hostile-code offensives a near-term company objective.