The ThreatTrack Security survey found that 57% of enterprise malware analysts have dealt with undisclosed incidents, suggesting that the data breach epidemic – totaling 621 confirmed data breaches in 2012, according to Verizon’s 2013 Data Breach Investigations Report – is more widespread than originally thought. And that, of course, leaves enterprises’ customers and data-sharing partners unaware of a wide array of potential security risks associated with the loss of personal or proprietary information.
Moreover, the largest companies, those with more than 500 employees, are even more likely to have had an unreported breach, with 66% of malware analysts with enterprises of that size reporting undisclosed data breaches.
“While it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring,” said ThreatTrack CEO Julian Waits, in a statement. “Every day, malware becomes more sophisticated, and U.S. enterprises are constantly targeted for cyber-espionage campaigns from overseas competitors and foreign governments. This study reveals that malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyber-attacks, they also point out deficiencies in resources and tools.”
When asked to identify the most difficult aspects of defending their companies’ networks from advanced malware and data breaches, 67% said the complexity of malware is a chief factor; 67% said the volume of malware attacks; and 58% cited the ineffectiveness of anti-malware solutions, underscoring the fundamental importance of a multi-layered, advanced cyber defense.
There are other challenges facing IT staffs too, the survey found: unsurprisingly, 40% of respondents reported that one of the most difficult aspects of defending their organization’s network was the fact that they don’t have enough highly-skilled security personnel on staff. But the most concerning aspect of that is the fact that staff time is often spent tackling easily avoidable malware infections originating at the highest levels of their organization.
Malware infections were most often caused by executives clicking on a malicious link in a phishing email (56%); allowing a family member to use a company-owned device (45%); visiting a pornographic website (40%); or installing a malicious mobile app (33%). All of which points to the need for more education and training.
Forensics offer time-management issues as well. More than half (52%) of all malware analysts said it typically takes them more than two hours to analyze a new malware sample. Conversely, only 4% said they are capable of analyzing a new malware sample in less than an hour.