Computer security divides Europe

The French are well prepared to tackle novel virus attacks

Europe is a continent divided by its approach to viruses, hack attacks and spam, a survey has found.

It found that French and German firms are most prepared to deal with viruses and their pernicious kin.

But the UK leads the way among nations which see good security as a way of helping their business stand out.

Survey sponsor McAfee warned that many European firms were just reacting to virus outbreaks instead of preparing to beat back future threats.

Dangerous game

The survey found that 48% of the European firms questioned see security as little more than a matter of fixing the security breaches that viruses, worms and malicious hackers attempt to exploit.

The damage and inconvenience that all these threats can cause prompted 84% of those in the survey to say that security is a critical concern for their company.

The survey found that in many firms, 40%, security problems are regularly debated at board level.

But despite this concern, many firms were doing little to tackle the newest type of malicious attacks known as "blended threats".

Pernicious programs such as Nimda roll together into one nasty package technology tricks typically only seen in individual viruses.

"These are the most virulent threats and the ones we are seeing the most of today," said McAfee spokesman Chris Thompson. "They attack both system and network infrastructures."

Viruses use lots of tricks to make people open them

The survey revealed that, on average, 30% of European firms have no technology in place to tackle blended threats.

In the UK and the Netherlands more than 40% of firms are doing nothing about blended threats. French, German and Swedish firms were best prepared.

Mr Thompson said these different figures were related to language differences as many viruses were written to catch out native English speakers.

The steady growth in the number of viruses in circulation and the havoc they cause has forced some organisations to adopt poor practices for dealing with security problems.

Fixing problems

Mr Thompson said many of the technology managers who responded to the survey did little more than react to each virus outbreak or attack.

"Many are spending half their resources on reactive solutions," he said, "fixing things that are already broken."

Mr Thompson said firms needed to get out of this cycle and take a deeper look at the way their security was organised.

"We need to get people out of the fire drill mode," he said, "to give them a break and get them focussing on their business."

Instead of reacting to everything, firms needed to find a way to work out how to protect what was important to their business or to win time to work out just how dangerous novel attacks were going to be.

Mr Thompson said many firms were starting to realise that they needed ways of managing end users, many of whom unwittingly helped viruses propagate.

"The most effective security strategy is one that is invisible to the end user," he said.