British companies have suffered 60% fewer malware
infections than two years ago as a result of near-universal use of
anti-virus and anti-spyware, but cybercriminals are now aiming at
less well-defended targets, such as home PC users, according to a
PricewaterhouseCoopers (PwC) report.
The 2008 Information Security Breaches survey carried out by
PricewaterhouseCoopers for the
Department of Business,
Enterprise and Regulatory Reform will be published at the
Infosecurity conference in London next week.
Chris Potter, PwC's security practice partner and author of the
report, said there was no reason for complacency among companies.
"It would be a mistake to assume that the malware threat is
extinguished," he said. "For two-thirds of companies that were
infected, it was their worst security incident of any kind."
In addition, whereas infection was formerly the goal, now it was
just the first stage in enabling more lucrative attacks by
criminals, he said. Most infected computers were now owned by the
home PC users, and these were a clear threat when harnessed as part
of a botnet.
Potter said only 14% of companies reported a breach last year,
down from 35% two years ago. But malware attacks were now more
subtle and harder to detect. As a result, some firms may be unaware
that they are infected, he said.
Potter said that as more and more companies used the web to buy
and sell goods and communicate with their markets, they would
become exposed to infected machines.