British companies have suffered 60% fewer malware infections than two years ago as a result of near-universal use of anti-virus and anti-spyware, but cybercriminals are now aiming at less well-defended targets, such as home PC users, according to a PricewaterhouseCoopers (PwC) report.
The 2008 Information Security Breaches survey carried out by PricewaterhouseCoopers for the Department of Business, Enterprise and Regulatory Reform will be published at the Infosecurity conference in London next week.
Chris Potter, PwC's security practice partner and author of the report, said there was no reason for complacency among companies. "It would be a mistake to assume that the malware threat is extinguished," he said. "For two-thirds of companies that were infected, it was their worst security incident of any kind."
In addition, whereas infection was formerly the goal, now it was just the first stage in enabling more lucrative attacks by criminals, he said. Most infected computers were now owned by the home PC users, and these were a clear threat when harnessed as part of a botnet.
Potter said only 14% of companies reported a breach last year, down from 35% two years ago. But malware attacks were now more subtle and harder to detect. As a result, some firms may be unaware that they are infected, he said.
Potter said that as more and more companies used the web to buy and sell goods and communicate with their markets, they would become exposed to infected machines.