Enterprise data breaches often left undisclosed, malware analysts say

Summary: According to new research, enterprise malware analysts often address data breaches which are kept under wraps by companies.


Over half of data breaches suffered by U.S. companies go undisclosed, according to enterprise malware analysts.

A new ThreatTrack Security survey found that 57 percent of malware analysts working on enterprise-related data breaches have addressed security problems that U.S. firms failed to disclose. Due to company dishonesty -- perhaps in order to save reputations or avoid difficult questions by customers and investors -- it may be that data breaches are more widespread than first believed, and businesses are even further behind than thought in the fight against cyberattackers.

Security vulnerabilities and cyberattacks have become critical problems for companies worldwide. If breached, a company network could become a treasure trove for hackers, potentially full of customer details -- including telephone numbers, addresses and card details -- sensitive corporate data, or information which impacts national infrastructure security. A number of high-profile breaches have taken place this year, including those at LivingSocial, Evernote and the Federal Reserve.

Verizon's 2013 Data Breach Investigations Report said that 621 data breaches were confirmed in 2012. However, if considered in tandem with ThreatTrack's data, which says 66 percent of malware analysts working with 500+ employee enterprises have dealt with undisclosed security problems, the figure of 621 confirmed breaches may significantly understate the real total.

The independent blind survey of 200 security professionals within U.S. companies was conducted by Opinion Matters on behalf of the security company in October this year.

"While it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring," said ThreatTrack CEO Julian Waits. "Every day, malware becomes more sophisticated, and U.S. enterprises are constantly targeted for cyber espionage campaigns from overseas competitors and foreign governments. This study reveals that malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyber-attacks, they also point out deficiencies in resources and tools."

Unsurprisingly, 40 percent of respondents said one of the most difficult aspects of their roles was the fact that skilled help is in short supply. In an interesting twist, many of the malware analysts said the majority of their time was taken up thanks to the Internet habits of executives -- who through browsing pornography sites, clicking on phishing emails and installing malicious apps allow malware to infiltrate networks.

According to the survey data, devices belonging to people high in the management chain have been infected with malware thanks to:

  • Visiting a pornographic website (40 percent)
  • Clicking on a malicious link in a phishing email (56 percent)
  • Allowing a family member to use a company-owned device (45 percent)
  • Installing a malicious mobile app (33 percent)

When asked to identify the most difficult aspects of defending their companies' networks, 67 percent said the complexity of modern malware is a crucial factor, 67 percent said the frequency of attacks is a problem, and 58 percent cited the ineffectiveness of market solutions as an issue.

The study also asked malware analysts for their opinion on government-sponsored cyber espionage. In response, 37 percent of respondents said they believe the U.S. is the country most adept at conducting cyber espionage, and China came in a close second at 33 percent.

Topics: Security, Malware, Networking

  • A fish starts to rot at the head

    "In an interesting twist, many of the malware analysts said the majority of their time was taken up thanks to the Internet habits of executives -- who through browsing pornography sites, clicking on phishing emails and installing malicious apps allow malware to infiltrate networks."

    But, gosh, I thought their wealth and power meant they were so much smarter than the people who do the actual work. Is it possible that, as a result of being told what Smart Guys they are by politicians, corporate media, and company knob polishers, they no longer know how little they really know?

    Having retired from over 25 years in corporate IT a couple of years ago, I can personally attest to the seriousness of this issue. The clowns at the top have drunk their own Kool-Aid and think they're invulnerable. Their certainty is inversely proportional to their actual knowledge.
  • Jon Inns, director of product management, Accumuli Security

    In today’s IT landscape of ever-evolving threats from hackers, hacktivists, cyber criminals, and even foreign governments, it is inevitable that a breach will occur. The aim therefore is to be able to readily identify this breach so that corrective action can be taken. However, if these data breaches are left unreported, as suggested, the long-term consequences can be catastrophic. For enterprises, having a comprehensive security strategy can assist in limiting the types of breaches caused, as well as the potential damage or consequences of such an incursion. Security policy evolves, much like the threat landscape does, and it depends on feedback obtained from various parts of the business, including IT security. If breaches are not reported, the type of attack, duration and possible fallout cannot be analysed to assist in bolstering defences. The reasons for not reporting attacks may vary, but the fact remains, ignoring breaches is always a bad idea.
    Jon Inns, Accumuli Security
  • Disclosure needs to be a law and these companies need SMTP Security!

    It should be illegal for companies not to disclose compromised data. That being said, I worked with a data encryption company and we had CC data stolen (internal actor) and we immediately let our customers know. Revenue dropped ~50% over the next two quarters. I understand the fear. We made changes like no longer recording CC data. Eventually earned it all back and then some.

    I get it that we are bombarded with hundreds, some maybe thousands, of emails a day. But there has to be a better way of preventing people from falling for phishing scams. Education has to be first. But also, why aren't there more AV products specifically designed to sit on a mail relay and scan all links and attachments? I know a few companies have things out there: Oktey if you're OK with your stuff being sent to the cloud, and OPSWAT if you're not. Both companies use multiple AVs, but why, after years of phishing scams being reported as a very effective way for malware to get into a system, aren't these tools more commonly used?