Incident Response, TDR, Vulnerability Management

Web-based malware threats primary challenge for industry pros, survey says

As the threat landscape continues to expand, web-based malware threats are what keep security professionals up at night, according to a recent survey.

In a poll of security executives at U.S. and UK companies that currently have or plan to implement a web security solution in 2013, 42 percent listed web-based malware threat protection as the top concern, according to a study conducted by security firm Webroot.

The second most concerning challenge listed was preventing data breaches.

Of the companies participating in the research, eight out of 10 have experienced “web-borne” attacks in 2012, a primary vector for cyber criminals who leverage vulnerabilities in browser add-ons, like Java and Flash.

These results coincide with a separate research report by Websense that revealed 94 percent of endpoints analyzed in its study are currently running a version of Java that is vulnerable to at least one exploit aimed at the software.

With so many threats to take into account concerning web security, 55 percent of polled companies indicated that phishing attacks are the most prevalent web-based incursion, followed by keyloggers and drive-by-downloads, which involves nothing more than visiting a bogus web page to infect one's computer, Webroot found.

According to the study, web-based attacks may have a significant impact on an organization's costs, with 15 percent of polled web security executives estimating the expense of a web attack at $25,000 to $99,999. Thirteen percent believed costs could be anywhere from $10,000 to $499,999, and six percent estimated $500,000 to $10,000,000.

Kapil Raina, director of product marketing at Zscaler, believes that the browser is the "gateway" for most organizations in terms of their services, and security professionals must adapt quickly to the growing threats to "contain the organization costs and brand damage."

"At the end of the day, organizations must protect the end-user...from threats, but also [be] able to control the internet policies an organization has published for its user base," Raina said in an email to on Friday.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.