Web-based malware threats primary challenge for industry pros, survey says

Share this article:

As the threat landscape continues to expand, web-based malware threats are what keep security professionals up at night, according to a recent survey.

In a poll of security executives at U.S. and UK companies that currently have or plan to implement a web security solution in 2013, 42 percent listed web-based malware threat protection as the top concern, according to a study conducted by security firm Webroot.

The second most concerning challenge listed was preventing data breaches.

Of the companies participating in the research, eight out of 10 have experienced “web-borne” attacks in 2012, a primary vector for cyber criminals who leverage vulnerabilities in browser add-ons, like Java and Flash.

These results coincide with a separate research report by Websense that revealed 94 percent of endpoints analyzed in its study are currently running a version of Java that is vulnerable to at least one exploit aimed at the software.

With so many threats to take into account concerning web security, 55 percent of polled companies indicated that phishing attacks are the most prevalent web-based incursion, followed by keyloggers and drive-by-downloads, which involves nothing more than visiting a bogus web page to infect one's computer, Webroot found.

According to the study, web-based attacks may have a significant impact on an organization's costs, with 15 percent of polled web security executives estimating the expense of a web attack at $25,000 to $99,999. Thirteen percent believed costs could be anywhere from $10,000 to $499,999, and six percent estimated $500,000 to $10,000,000.

Kapil Raina, director of product marketing at Zscaler, believes that the browser is the "gateway" for most organizations in terms of their services, and security professionals must adapt quickly to the growing threats to "contain the organization costs and brand damage."

"At the end of the day, organizations must protect the end-user...from threats, but also [be] able to control the internet policies an organization has published for its user base," Raina said in an email to SCMagazine.com on Friday.

Share this article:

Sign up to our newsletters

More in News

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, ...

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Apple ships Mac OS X updates, fixes several ...

Among the addressed vulnerabilities, was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.