DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Most malware breaches not disclosed – survey

Posted on November 9, 2013 by Dissent

I generally avoid re-posting press releases as they tend to be self-serving, but some contain interesting data. From ThreatTrack:

ThreatTrack Security today published a study that reveals mounting cybersecurity challenges within U.S. enterprises. Nearly 6 in 10 malware analysts reported they have investigated or addressed a data breach that was never disclosed by their company.

These results suggest that the data breach epidemic — totaling 621 confirmed data breaches in 2012, according to Verizon’s 2013 Data Breach Investigations Report — may be significantly underreported, leaving enterprises’ customers and data-sharing partners unaware of a wide array of potential security risks associated with the loss of personal or proprietary information. Moreover, the largest companies, those with more than 500 employees, are even more likely to have had an unreported breach, with 66% of malware analysts with enterprises of that size reporting undisclosed data breaches.

The independent blind survey of 200 security professionals dealing with malware analysis within U.S. enterprises was conducted by Opinion Matters on behalf of ThreatTrack Security in October 2013. In addition to the alarmingly high number of undisclosed data breaches reported, the study highlights several other challenges enterprise cybersecurity professionals face.

“While it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring,” said ThreatTrack CEO Julian Waits, Sr. “Every day, malware becomes more sophisticated, and U.S. enterprises are constantly targeted for cyber espionage campaigns from overseas competitors and foreign governments. This study reveals that malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyber-attacks, they also point out deficiencies in resources and tools.”

Outmanned, Outgunned and Out of Time

40% of respondents reported that one of the most difficult aspects of defending their organization’s network was the fact that they don’t have enough highly-skilled security personnel on staff. To exasperate matters, their time is often spent tackling easily avoidable malware infections originating at the highest levels of their organization. At the following rates, malware analysts revealed a device used by a member of their senior leadership team had become infected with malware due to executives:

  • Visiting a pornographic website (40%)
  • Clicking on a malicious link in a phishing email (56%)
  • Allowing a family member to use a company-owned device (45%)
  • Installing a malicious mobile app (33%)

When asked to identify the most difficult aspects of defending their companies’ networks from advanced malware, 67% said the complexity of malware is a chief factor; 67% said the volume of malware attacks; and 58% cited the ineffectiveness of anti-malware solutions, underscoring the fundamental importance of a multi-layered, advanced cyber defense.

More than half (52%) of all malware analysts said it typically takes them more than 2 hours to analyze a new malware sample. Conversely, only 4% said they are capable of analyzing a new malware sample in less than an hour. Not surprisingly, 35% said one of the most difficult aspects of defending their organization from advanced malware is the lack of access to anautomated malware analysis solution, which cuts analysis times to just minutes.

[…]

 

Related posts:

  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
Category: Commentaries and AnalysesMalware

Post navigation

← Follow-up: NYPD Detective Pleads Guilty in Manhattan Federal Court to Computer Hacking
You know that blood test your doctor ran as part of your wellness check? The state can subpoena the results. →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.