Web-based malware threats primary challenge for industry pros, survey says

Share this article:

As the threat landscape continues to expand, web-based malware threats are what keep security professionals up at night, according to a recent survey.

In a poll of security executives at U.S. and UK companies that currently have or plan to implement a web security solution in 2013, 42 percent listed web-based malware threat protection as the top concern, according to a study conducted by security firm Webroot.

The second most concerning challenge listed was preventing data breaches.

Of the companies participating in the research, eight out of 10 have experienced “web-borne” attacks in 2012, a primary vector for cyber criminals who leverage vulnerabilities in browser add-ons, like Java and Flash.

These results coincide with a separate research report by Websense that revealed 94 percent of endpoints analyzed in its study are currently running a version of Java that is vulnerable to at least one exploit aimed at the software.

With so many threats to take into account concerning web security, 55 percent of polled companies indicated that phishing attacks are the most prevalent web-based incursion, followed by keyloggers and drive-by-downloads, which involves nothing more than visiting a bogus web page to infect one's computer, Webroot found.

According to the study, web-based attacks may have a significant impact on an organization's costs, with 15 percent of polled web security executives estimating the expense of a web attack at $25,000 to $99,999. Thirteen percent believed costs could be anywhere from $10,000 to $499,999, and six percent estimated $500,000 to $10,000,000.

Kapil Raina, director of product marketing at Zscaler, believes that the browser is the "gateway" for most organizations in terms of their services, and security professionals must adapt quickly to the growing threats to "contain the organization costs and brand damage."

"At the end of the day, organizations must protect the end-user...from threats, but also [be] able to control the internet policies an organization has published for its user base," Raina said in an email to SCMagazine.com on Friday.

Share this article:

Sign up to our newsletters

More in News

Instagram iOS and Android apps vulnerable to session hijacking

Two researchers wrote about the Instagram app for iOS and Android is vulnerable to session hijacking because both send unsecured information through HTTP.

Report: Hackers stole data from Israeli defense firms

A report by Brian Krebs detailed the intrusions, which occurred between Oct. 2011 and Aug. 2012.

Neverquest trojan targets regional banks in Japan

Symantec researchers found a new variant of the banking trojan.