Enterprises gain an 'F' grade in protecting themselves against cybercrime

According to new research, the majority of enterprises gain an "F" grade in security.
Written by Charlie Osborne, Contributing Writer
1credit cnet
Credit: CNET

In the light of increasing and sophisticated cyberattacks, are enterprise systems up to the challenge of defending themselves?

According to new data released by security firm Malwarebytes, the Enterprise Strategy Group (ESG) research study, enterprises are responding to the emergence of more sophisticated malware -- and although adding strategic security layers is now often a priority, many businesses are still ill-equipped to protect systems.

Based on a survey of 315 North American-based IT security professionals working for enterprises -- corporations with 1,000 employees or more -- the researchers at ESG found that the majority of respondents have seen an uptick in more sophisticated, targeted attacks over the past two years. However, most of the survey respondents said endpoint security software is not effective for detecting zero-day malware, as well as polymorphic variations -- including trojans and evolving types of threats.

As a result, enterprises believe they are left exposed to attacks on their systems.

"As cyber-attacks become more sophisticated, IT security professionals are realizing that relying on only one layer of endpoint security isn't enough. Each endpoint needs multiple layers of malware detection to ensure complete protection," said Marcin Kleczynski, CEO of Malwarebytes. "The reality is, most anti-virus products will miss nine out of ten zero-day malware threats, and having a layered approach blocks advanced threats that traditional antivirus scanners may fail to detect."

The study also found that the most likely avenue for malware to be able to infiltrate a system is based on human error. A lack of technological understanding and falling for phishing attacks -- such as the latest Apple Dev Center campaign -- are likely to allow intrusion.

Some of the study highlights include:

  • 29 percent of respondent organizations that have suffered a successful malware attack believe social networks are a main cause of those attacks.
  • It takes 57 percent of respondents hours to detect a system compromised by malware and 19 percent days.
  • 74 percent of enterprises have increased their security budget over the past 24 months.
  • 62 percent of IT professionals believe their host-based security software is not effective for detecting zero day and polymorphic threats.
  • 85 percent of IT security professionals are concerned that a massive cyber-attack could impact critical infrastructure, the economy, and national security. In addition, 66 percent believe that the U.S. government is not doing enough to protect the private sector.
Editorial standards