Malware, Vulnerability Management

More than half of corporate breaches go unreported, according to study

In a survey of 200 security professionals who deal with malware analysis for U.S. businesses, 57 percent revealed they investigated or addressed a data breach their company never disclosed.

The October study, “Malware Analysts Have the Tools to Defend Against Cyber-Attacks, But Challenges Remain,” was put out this Wednesday by cyber defense firm ThreatTrack Security and was conducted by research agency Opinion Matters.

“While it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring,” Julian Waits, ThreatTrack CEO, wrote in a Wednesday statement emailed to SCMagazine.com.

Some of the reasons Waits is not shocked is because almost half of the respondents reported not having enough highly skilled security staffers and, furthermore, a lot of their time is spent ameliorating simple and easily avoidable infections stemming from higher-ups in the company.

Following malicious links in phishing emails, downloading malicious apps, sharing computers with family and visiting pornographic websites are just some of the reasons that executives are infecting their company's networks with malware.

“This study reveals that malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyber attacks, they also point out deficiencies in resources and tools,” Waits wrote.

The majority of analysts pointed to intricacies of the malware, the sheer amount of it and the futility of anti-malware solutions as the primary difficulties in defending corporate networks. Additionally, only a small percent reported having the ability to analyze new malware in less than a couple of hours.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.