Web-based malware threats primary challenge for industry pros, survey says

Share this article:

As the threat landscape continues to expand, web-based malware threats are what keep security professionals up at night, according to a recent survey.

In a poll of security executives at U.S. and UK companies that currently have or plan to implement a web security solution in 2013, 42 percent listed web-based malware threat protection as the top concern, according to a study conducted by security firm Webroot.

The second most concerning challenge listed was preventing data breaches.

Of the companies participating in the research, eight out of 10 have experienced “web-borne” attacks in 2012, a primary vector for cyber criminals who leverage vulnerabilities in browser add-ons, like Java and Flash.

These results coincide with a separate research report by Websense that revealed 94 percent of endpoints analyzed in its study are currently running a version of Java that is vulnerable to at least one exploit aimed at the software.

With so many threats to take into account concerning web security, 55 percent of polled companies indicated that phishing attacks are the most prevalent web-based incursion, followed by keyloggers and drive-by-downloads, which involves nothing more than visiting a bogus web page to infect one's computer, Webroot found.

According to the study, web-based attacks may have a significant impact on an organization's costs, with 15 percent of polled web security executives estimating the expense of a web attack at $25,000 to $99,999. Thirteen percent believed costs could be anywhere from $10,000 to $499,999, and six percent estimated $500,000 to $10,000,000.

Kapil Raina, director of product marketing at Zscaler, believes that the browser is the "gateway" for most organizations in terms of their services, and security professionals must adapt quickly to the growing threats to "contain the organization costs and brand damage."

"At the end of the day, organizations must protect the end-user...from threats, but also [be] able to control the internet policies an organization has published for its user base," Raina said in an email to SCMagazine.com on Friday.

Share this article:

Sign up to our newsletters

More in News

Five schools earn NSA's excellence in cyber ops distinction

The schools earned NSA's Centers for Academic Excellence designation for their cyber offerings.

With RATs at their disposal, 419 scammers target businesses

With RATs at their disposal, 419 scammers target ...

A new report reveals how Nigeria's 419 scammers are spreading malware to pocket business funds.

InfoSec pros worried BYOD ushers in security exploits, survey says

InfoSec pros worried BYOD ushers in security exploits, ...

A study by the Information Security Community on LinkedIn found most organizations don't have proper polices and support for BYOD.