Report claims IT underestimates scope of malware

The report makes the case that the simple act of connecting a computer to the Internet is enough to instigate armies of cybercriminals to infiltrate a business’s or even a government’s security measures.

“The past five years have indeed brought a surge in the use of malware to attack information systems for the purpose of gathering information, stealing money and identities or even denying users access to essential electronic resources,” the report reads.

“Significantly, the capability also exists to use malware to disrupt the functioning of large information systems, surreptitiously modify the integrity of data and to attack the information systems that monitor and/or operate major systems of the critical infrastructure.”

The data about the situation in the U.S. furthers the report’s case that “communities involved in fighting malware offer essentially a fragmented local response to a global threat.”

The report attributes much of the recent growth in malware infection to spam, which it says has evolved from being a simple nuisance in a users’ inbox to a vehicle for botnets to contaminate a system.

OECD suggests all IT players, from vendors to ISP’s to governments, should have a role in forming more cohesive and coordinated effort at fighting malware, which it says up until now has been mainly reactive and disjointed.

“The behaviour of market players confronted with malware (whether Internet service providers, e-commerce companies, registrars, software vendors or end users) is influenced by mixed incentives, some working to enhance and some to reduce security,” the report claims.

“There are many instances in which the costs of malware are externalised by players at one stage of the value chain onto other players in the value chain.”