Breaches driving organization security strategy, survey indicates
Breaches driving organization security strategy, survey indicates

From January to June of 2014, 100 percent of retail organizations had their systems breached, as did 100 percent of agriculture, auto/transportation, education, and healthcare/pharmaceutical organizations, according to a new study.

FireEye put its network and email sensors behind already-existing security systems in 1,200 companies, spanning 20 verticals, and found that nearly all the organizations suffered some sort of breach. In many cases, they were targeted by ‘advanced malware,' or malware consistent with advanced persistent threat (APTs) attacks.

On average, 96 percent of companies were breached, the study found.  

“We are continuing to see this steady increase in the volume of cyber threats and the amount of attack activity out there,” said Dave Merkel, CTO, FireEye, in a Friday interview with SCMagazine.com.

Advanced attacks particularly impacted the agriculture industry with half of breaches coming from advanced malware infections. The auto and transportation industry could attribute 40 percent of breaches to advanced malware, and the education industry had 37 percent of breaches come from advanced malware.

This year, retailers saw a 30 percent uptick in advanced malware infections, which represented 17 percent of attacks.

Merkel didn't find the proliferation of more complex attacks surprising.

“There's a continuing transformation in how crime and espionage and other threats are going to have a larger and larger cyber component,” Merkel said. “And that's what's happening. Before, more advanced guys were in the minority, and now it's the new normal.”

Although the study began after Target's massive breach, it ended before Home Depot and Sony dominated headlines and created greater awareness around enterprise security. Even with more awareness, Merkel said it will take time for businesses to overhaul and amp up security measures.

However, Merkel continued, CISOs and other security team members should use the major breaches to start a dialogue.

“At the end of day, these issues need to be discussed in board room and senior executive level,” he said.