The Malicious software (malware): a security threat to the Internet economy report published by the Organisation for Economic Co-operation and Development over the weekend suggests that the PC malware infection rate in the US has hit 25 percent. These OECD cybercrime infection findings are highly disturbing, admits Geoff Sweeney, CTO with behavioural analysis IT security specialists Tier-3 (whose customers spread across major corporations and governments the world over) but nonetheless are accurate. In fact, the figures confirm the companies own findings with regards to infections. OECD says in the report that while the economic and social impacts of malware may indeed be somewhat hard to quantify, there is no doubting that when used directly or indirectly can harm critical information infrastructures resulting in financial loss. Malware, the OECD warns, therefore plays a pivotal role in the erosion of trust issues that the Internet economy is currently facing.
"PC infections are a lot more prevalent than many corporates realise, mainly because many go unnoticed for long periods of time, until IT security software vendors get around to updating their applications to counter the specific malware involved" Sweeney told me, adding "The Internet has become the modern equivalent of the Wild West. For most companies it's become as essential as the telephone, but it is far, far more dangerous." There is little doubt in Sweeney's mind that the assertion within the report that such a simple act as connecting a computer to the Internet can effectively mobilise an army of organised criminals aiming to subvert 'the system' is correct. Cybercrime is, indeed, a potential threat to the Internet economy.
"Companies need to ask themselves whether their existing single or multiple layers of IT security is sufficient to protect their IT resource. The answer to this question is almost certainly no for most enterprises, as they now need to extend their protection from variations on rule based technology to include behavioural analysis technology."
The report perhaps unsurprisingly concludes that there is no magic bullet, no simple solution to the complex problems presented by malware. Just as unsurprisingly, Sweeney does not think that it is time to place your head between your knees and start praying. The answer, he insists, lies with behavioural analysis technology which has the ability to spot both known and unknown types of malware and take appropriate action. "That is its great strength which is needed to counter the fact that at least one in four of PCs are now infected with some form of malware."