InformationWeek.com

Welcome Guest. | Log In| Register | Membership Benefits

July 12, 1999

Global Security Survey:
Virus Attack

continued...page 2 of 6

Illustration by Teofilo Olivieri

Related links:

Extra Research From The Security Survey

sidebar: Security Survey Methodology

sidebar: Worldwide Security Priorities
"Many companies in the past would never have known that they'd been hacked by outsiders," explains Mark Lobel, a manager of technology risk services for PricewaterhouseCoopers. "But the growing use of intrusion-detection systems and other security programs means they can now better identify the cause of their problems."

The good news: Fewer respondents blamed authorized users and employees for their security problems, down to 41% this year from 58% last year (see chart, below).

The growth in outsourcing is probably the main reason more IT mangers cited contracted service providers as a suspected threat and fewer named their own employees, Lobel says. "These contractors have the same motivation and means as in-house employees. I know of one outside contractor who, when he heard that he was losing the job, started installing the 90-day trial version of Windows NT as his form of revenge."

Overall, security problems are becoming more serious. A year ago, half of the companies surveyed said they suffered no system downtime as a result of security breaches. This year, only 36% could make that claim (see chart, below).

bar chart Viruses attack just about everybody equally. While noncommercial organizations with limited IT budgets are frequent virus victims--78% of educational groups and 74% of government respondents reported being infected--large and better-financed companies didn't enjoy significantly greater immunity: Viruses hit 69% of companies with revenue of more than $500 million. Despite the growing threat from Internet-borne viruses and online virus-building toolkits, the survey shows that about 5% of responding companies still don't have antivirus software in place.

The virus fear factor is causing some companies to look at malicious code in a new light-- especially in the wake of the Melissa and Worm viruses that ruined users' hard drives.

At St. Barnabas, the close encounter with Melissa and the growing presence of other damaging viruses has caused the company to reassess how it fights those threats. Until about six months ago, the 130-site health-care company classified antivirus scanning as a utility, separate from other security functions. St. Barnabas now counts a virus attack as a breach and deals with it as a security threat.

bar chart "We had a view of the world that put antivirus in a separate silo from intrusion detection, and that was separate from another security function," VP Macaluso says. "Now we're trying to consolidate all those functions as part of a centralized access control and authentication system."

St. Barnabas is implementing an integrated security system that includes capabilities such as single sign-on and antivirus software, and Macaluso hopes the resulting comprehensive system will be more effective than using individual security systems. To accomplish that, St. Barnabas turned to Computer Associates for help. When the Melissa virus struck, the health-care company was testing CA's InoculateIT, which uses heuristic scanning, a kind of artificial intelligence that identifies unknown viruses. The CA software spotted the virus quickly and the IT staff at St. Barnabas was able to contain it without shutting down its entire network, Macaluso says.

No Assurances
Businesses that have managed to avoid or contain security breaches in the past shouldn't rest easy, IT managers and security experts say. No company is immune. "The longer you go without a security breach, the closer you are to your next incident," says Ken Shaurette, information security staff adviser for American Family Insurance in Madison, Wis.

IT managers need to fully understand the threat before they can effectively determine ways to protect their systems. Being able to identify how a security breach took place and who initiated it is crucial to preventing future unauthorized access and tampering. "You need to tighten all the joints before you can have truly effective security," says PricewaterhouseCoopers' Lobel.

continued...page 3, 4, 5, 6
return to page 1