Don't blame malware for large-scale attacks, says Verizon

The lack of a secured infrastructure is typically the reason hackers are able to gain access to enterprise servers and from there, implant malware to launch an attack, according to Verizon.

While malware remains a key element in security attacks, it is often not the trigger point, Peter Tippett, vice president of security solutions and enterprise innovation at Verizon Business, told ZDNet UK's sister site ZDNet Asia.

"These criminals get in through unsafe passwords, SQL injections or other simple remote controls that are usually ignored. While these [security] practices may seem less effective than antivirus software, they are critical in reducing attacks, as each of these controls add up to form a critical resistance," Tippett said.

According to a new study by Verizon Business, only 3 percent of large-scale security breaches and attacks suffered by enterprises last year were triggered by malware. The survey assessed only large-scale system attacks resulting in losses of $10bn (£6.3bn) or more in an incident. The report also discovered that 48 percent of attacks involved "privilege misuse", while 98 percent of data breaches originated from servers.

Fore more on this ZDNet UK-selected story, see Security breaches on servers not linked to malware on ZDNet Asia.