Web-based malware threats primary challenge for industry pros, survey says

Share this article:

As the threat landscape continues to expand, web-based malware threats are what keep security professionals up at night, according to a recent survey.

In a poll of security executives at U.S. and UK companies that currently have or plan to implement a web security solution in 2013, 42 percent listed web-based malware threat protection as the top concern, according to a study conducted by security firm Webroot.

The second most concerning challenge listed was preventing data breaches.

Of the companies participating in the research, eight out of 10 have experienced “web-borne” attacks in 2012, a primary vector for cyber criminals who leverage vulnerabilities in browser add-ons, like Java and Flash.

These results coincide with a separate research report by Websense that revealed 94 percent of endpoints analyzed in its study are currently running a version of Java that is vulnerable to at least one exploit aimed at the software.

With so many threats to take into account concerning web security, 55 percent of polled companies indicated that phishing attacks are the most prevalent web-based incursion, followed by keyloggers and drive-by-downloads, which involves nothing more than visiting a bogus web page to infect one's computer, Webroot found.

According to the study, web-based attacks may have a significant impact on an organization's costs, with 15 percent of polled web security executives estimating the expense of a web attack at $25,000 to $99,999. Thirteen percent believed costs could be anywhere from $10,000 to $499,999, and six percent estimated $500,000 to $10,000,000.

Kapil Raina, director of product marketing at Zscaler, believes that the browser is the "gateway" for most organizations in terms of their services, and security professionals must adapt quickly to the growing threats to "contain the organization costs and brand damage."

"At the end of the day, organizations must protect the end-user...from threats, but also [be] able to control the internet policies an organization has published for its user base," Raina said in an email to SCMagazine.com on Friday.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.