July 05, 2011, 6:10 AM — How can you be sure your organization doesn't have insidious viruses or other malware lurking within systems and applications, waiting to inflict damage? You can't.
Malware has grown sophisticated to the point where there's no guarantee that it's actually gone, even when you've applied the latest antivirus software. Making matters worse, IT infrastructures are becoming much more complex -- with an ever-growing population of devices that give malware even more possible entry points.
[ Your executives are big, fat, juicy targets for spearphishing attacks. Learn how to protect them from being harpooned. | Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on advice from InfoWorld's expert contributors in InfoWorld's "Malware Deep Dive" PDF guide. ]
These days, you have to assume there are some infected PCs or other devices on the corporate network.
Get used to it: Malware is everywhere you go The malware problem is getting worse. According to the Ponemon Institute's 2011 State of Endpoint Risk study, 43% of the 782 U.S.-based IT and IT security professionals surveyed reported a "dramatic uptick" in malware in 2010. Fully 98% of the organizations surveyed by Ponemon experienced a virus or malware-based network intrusion, and 35% said they had experienced 50 malware attempts within a span of just one month, or more than one intrusion per day.
"The current batch of malware we're seeing is very sophisticated and well written, and it hides itself well and avoids detection well," says Fred Rica, principal in the information security advisory practice at the PricewaterhouseCoopers consulting firm.
The good news is that this "living with malware" scenario doesn't have to lead to lost data, unavailable systems, or other problems. Companies can and do function despite these intrusions.
Here are some approaches that can help minimize the effect of malware on your network and in your systems so that your company can carry on with business despite the nagging presence of these troublesome programs.