Worms whack half of businesses

Most companies have upped security spending, but that hasn't stopped pests from invading corporate networks, survey finds.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
2 min read
Almost half of businesses have had a worm outbreak in the last year, despite increases in security spending on compliance efforts, according to a recent survey.

The survey, released Monday by security company Mazu Networks and the Enterprise Strategy Group, found that almost 75 percent of companies boosted security spending in 2004 to comply with regulations set by the Sarbanes-Oxley Act.

Despite those efforts, only 14 percent of respondents said they were "very confident" that their networks would repel all threats this year.

"I think this is a bit of a wake-up call," said Tom Corn, vice president of marketing for Mazu Networks. "Not a lot of folks have confidence that they have mechanisms and processes in place to protect themselves."

The survey, which polled 229 information technology professionals about their corporate networks, came as another report suggested that virus writers and online attackers are becoming more focused on using their skills to earn cash from fraud and identity theft.

The polled IT professionals had a similar story to tell, according to Corn. "We are starting to see a lot of these threats less for bragging rights and more about creating armies of system zombies and bots--there is a strong financial model for that," he said.

About 47 percent of all respondents had a worm infect a company network in the past year, the Mazu survey found. An eighth of those businesses had more than 25 percent of their network compromised during the incident.

However, the worry of worms has not helped close some major vulnerabilities at the companies, the survey indicated.

Almost 25 percent of all companies had an internal breach in 2004, and 40 percent of those incidents interrupted a critical service. Almost half of the IT professionals surveyed found active accounts belonging to ex-employees, and a third found rogue wireless access points in their network.

Companies involved in the survey were required to have at least 1,000 employees. They represented more than 18 different industries.