While the potential risk posed by most viruses found in the wild is typically rated as minimal, the growing number of new viruses and incidents illustrates the need to continually monitor the potential threat. The following statistics and events are evidence of the increasing risk of virus attacks worldwide:
- Symantec posted over 100 new viruses in the wild for the month of October 2003 and recently reported that the number of new viruses discovered each month has risen sharply in the past 6 months
- McAfee reported that there are now over 60,000 known computer viruses
- China Ministry of Public Security released a statement in late October, stating that over 85% of the 68 million Internet users in China have been infected by a virus this year
- While the August “Can of Worms†led by so Sobig, Nachi, and Blaster continue to plague many users, Mimail.A (detected in late October) is now rising to the top of threat list
- Over 80% of companies surveyed in a recent Computer Economics survey indicated they have added new security products or have engaged the services of an outside security vendor as a result of the recent rash of high-impact virus attacks
- The number of incidents reported to the CERT Coordination Center through 3Q03 has significantly exceeded the total incidents reported from any previous year (see Figure 1)
Virus/Security Incidents Reported to CERT 2000 – 2003
|
Year |
2000 |
2001 |
2002 |
1Q-3Q 2003 |
|
Number of Reported Incidents |
21,756 |
52,658 |
82,094 |
114,855 |
Source: CERT Coordination Center Figure 1
The events that began in August of this year illustrate how devastating high-impact viruses can be on network environments when they are active at the same time. Computer Economics estimates that the total cost to businesses worldwide will exceed $2.5 billion from the viruses that surfaced in that month alone.
A recent survey conducted by Computer Economics provides additional insight into the impact of the August “Can of Worms.†Computer Economics asked over 100 midsize and large companies what affect the attacks had on their organization. Figure 2 shows that almost 60% of the companies surveyed indicated the attacks had at least a noticeable impact on their organizations.
Affect of the August “Can of Worms†on Corporate Networks
|
Impact Of August Virus Attacks |
Significant Affect |
Noticeable Affect |
Minor Affect |
No Measurable Affect |
|
28% |
28% |
15% |
29% |
Source: Computer Economics survey – 3Q03 Figure 2
While the events of August are not typical, the potential risk for this type of event to reoccur remains very high. It is imperative that private companies remain highly focused on Internet and network security issues. Additionally, closer cooperation between international agencies is critical to reduce the increasing risk from both private hackers and politically motivated cyber attacks.
November 2003