Enterprises gain an 'F' grade in protecting themselves against cybercrime

Enterprises gain an 'F' grade in protecting themselves against cybercrime

Summary: According to new research, the majority of enterprises gain an "F" grade in security.

SHARE:
1credit cnet
Credit: CNET

In the light of increasing and sophisticated cyberattacks, are enterprise systems up to the challenge of defending themselves?

According to new data released by security firm Malwarebytes, the Enterprise Strategy Group (ESG) research study, enterprises are responding to the emergence of more sophisticated malware -- and although adding strategic security layers is now often a priority, many businesses are still ill-equipped to protect systems.

Based on a survey of 315 North American-based IT security professionals working for enterprises -- corporations with 1,000 employees or more -- the researchers at ESG found that the majority of respondents have seen an uptick in more sophisticated, targeted attacks over the past two years. However, most of the survey respondents said endpoint security software is not effective for detecting zero-day malware, as well as polymorphic variations -- including trojans and evolving types of threats.

As a result, enterprises believe they are left exposed to attacks on their systems.

"As cyber-attacks become more sophisticated, IT security professionals are realizing that relying on only one layer of endpoint security isn't enough. Each endpoint needs multiple layers of malware detection to ensure complete protection," said Marcin Kleczynski, CEO of Malwarebytes. "The reality is, most anti-virus products will miss nine out of ten zero-day malware threats, and having a layered approach blocks advanced threats that traditional antivirus scanners may fail to detect."

The study also found that the most likely avenue for malware to be able to infiltrate a system is based on human error. A lack of technological understanding and falling for phishing attacks -- such as the latest Apple Dev Center campaign -- are likely to allow intrusion.

Some of the study highlights include:

  • 29 percent of respondent organizations that have suffered a successful malware attack believe social networks are a main cause of those attacks.
  • It takes 57 percent of respondents hours to detect a system compromised by malware and 19 percent days.
  • 74 percent of enterprises have increased their security budget over the past 24 months.
  • 62 percent of IT professionals believe their host-based security software is not effective for detecting zero day and polymorphic threats.
  • 85 percent of IT security professionals are concerned that a massive cyber-attack could impact critical infrastructure, the economy, and national security. In addition, 66 percent believe that the U.S. government is not doing enough to protect the private sector.
ESG-Infographic2

Topics: Security, Malware, Enterprise 2.0

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • FUD

    For more information contact malwarebyte?? They probably paid for that survey and the goal is just to scare people into buying more of their stuff.
    Jean-Pierre-
    • Possibly...

      I don't know what the enterprise licensing cost on MBAM, but for individuals it is a one time fee. I have some experience on
      Enterprise grade AV/AM solutions, and in my book, they get an "F" too! Especially Symantec and Trend Micro.
      JCitizen
  • Protecting

    Didn't get a lot a lot of value out of the article as it is just repeating what the ESG study has already published online. That said I'm surprised however that only 62 percent of IT professionals believe their host-based security software is not effective for detecting zero day and polymorphic threats.

    IT professionals should know that host based software cannot deal with zero day and polymorphic threats - the software knows only what the vendor knows and have provided in response. Response normally take hours if not days and in a lot of cases requires an incident to have occurred before they do respond.

    and

    85 percent of IT security professionals are concerned that a massive cyber-attack could impact critical infrastructure, the economy, and national security.

    The 15% that aren't concerned may not be fully informed or really understand that all types of controls are vulnerable to at least one if not more published forms of attacks.
    Kingpin.187
  • Really?

    Enterprises gain an 'F' grade in protecting themselves against cybercrime.

    Really? If so, then I can look forward to the discovery that fire is truly hot, water is definitely wet, and lead has been found to be heavier than feathers.

    This news is at least ten years old, and that measure by an absurdly conservative estimate: the congressional discussions and debates surrounding the national omnibus data security bills that have been stuck in congress since 2002 - 2003.
    cd003284@...