Malicious Code Problem Continues to Worsen, According to 9th Annual ICSA Labs Virus Prevalence Survey

Business Wire, March 22, 2004

Business Editors/High-Tech Writers

HERNDON, Va.--(BUSINESS WIRE)--March 22, 2004

Respected Survey Finds that "Virus Disasters" and Recovery Costs

on the Increase, While 88% of Qualified Respondents Describe Problem

as Worse than 2002

ICSA Labs(R), an independent division of TruSecure(R) Corporation, today announced the results of the 9th Annual ICSA Labs Virus Prevalence Survey. The survey shows conclusively that despite increased spending, both the perception and the reality of the malicious code problem continues to worsen.

The survey gathered data from 300 randomized companies and government agencies worldwide about the malicious code problem in computer networks, including desktop computers. The survey was sponsored by Network Associates, Microsoft Corporation, Eset, Trend Micro and the MIS Training Institute.

ICSA Labs conducts the Virus Prevalence Survey to track virus trends and frequency to understand the progress organizations are making in the war against malicious code. The survey points to several trends that took shape in 2003 including the return of "Outbreak" events like W32/Slammer--worms or viruses that spread around the world in a matter of minutes.

Other key trends highlighted in this year's 2003 survey include:

-- Malicious code is a growing problem--88% of respondents think

that malicious code is "somewhat worse or much worse" than

2002, with only 12% stating the situation was "the same or

better" in 2003.

-- An increase in the number of virus disasters--92 of more than

300 respondents reported virus disasters in 2003, an increase

of 15% over 2002. For an event to qualify as a virus disaster,

it must meet the historical criterion of 25 or more PCs or

servers infected at the same time with the same virus, or a

virus incident causing significant damage or monetary loss to

the respondent's organization.

-- Malicious code is costing organizations lots of money--in

2003, disaster recovery costs increased by 23% to almost

$100,000 per organization per event.

-- The creation and continuation of factors that contribute to

rising infection rates including new virus types, file sharing

and new replication vectors.

"Companies spend an enormous amount of money and energy defending against malicious code," said Dr. Peter Tippett, chief technologist at TruSecure Corporation. "These organizations are too often surprised by new malcode vectors and methods and then spend even more money and resources recovering from virus and worm disasters. Corporations need to engage in 'intelligent' risk management, which combines predictive analytics, testing and programs, to eliminate surprises and provide months or even years of lead time before the next 'new' worm."

"The reemergence of 'outbreak events' and the success of mass mailers in early 2004 illustrates that organizations are not making enough progress in their defense against malicious code," said Larry Bridwell, content security programs manager at ICSA Labs and author of the survey. "Laptops, wireless devices and file sharing have contributed to an ever-expanding set of infection points, leaving companies scrambling to secure their networks. Organizations must take a more proactive stance in securing their networks and educating their employees, vendors must make more secure software, and anti-virus vendors must make more effective heuristic applications if 2004 is to be different."

History has shown that proactive companies that follow a handful of essential security practices will fare better against malicious code exploits. These controls include protections such as file attachment filtering; specific configuration for routers, email clients, email servers, Web browsers, and business applications that are generally easy to implement, require infrequent updates, and go unnoticed by the average user because of their transparency.

Download an executive summary of the Virus Prevalence Survey and the TruSecure Anti-Virus Policy Guide now at http://www.icsalabs.com/2003avpsurvey/ . For a live discussion of Survey results with the author, Larry Bridwell, please go to http://www.trusecure.com/offer/e0291/ and register for the 9th Annual ICSA Labs' Virus Prevalence Survey Webinar on Wednesday, March 31, presented by TruSecure Corporation. The complete survey results and analysis will be available to Webinar attendees and then directly to the public after the Webinar.

To speak with ICSA Labs regarding the results of the survey, please contact Jason Morris or Laura Ackerman of Schwartz Communications (781-684-0770, trusecure@schwartz-pr.com) or Cynthia Shaw of TruSecure (703-480-8509, cshaw@trusecure.com).

About TruSecure Corporation

TruSecure is the leading provider of intelligent risk management products and services. TruSecure dramatically improves security and reduces risk by helping organizations make better security decisions and maximizing the effectiveness of existing security people, processes, and products. Leveraging TruSecure's vast security knowledge and intelligence gathering resources -- including ICSA Labs(R), the global leader in information security product certification -- as well as innovative technology and time-tested processes, our customers can predict which vulnerabilities present real risk, prioritize remediation efforts, quickly adapt to changes in the security threatscape, measure progress in improving their security posture, and document compliance with applicable security policies, standards and regulations.