Almost one in five organizations have been the victim of a keylogger attack this year, a new Websense survey reveals.
Over the same time period in 2005, 12 percent of companies suffered a keylogging event, according to the firm’s Web@Work Survey, which polled 351 of the nation’s IT decision-makers and 500 U.S. employees ages 18 and up who have internet access at work.
The survey, conducted earlier this year, also revealed that bots, software silently installed on a user’s PC and remotely controlled by a malicious attacker, are a growing threat. Nineteen percent of the respondents said bots infected employees’ PCs or laptops, while just over one-third are "very or extremely confident" they can defend against the malware.
Companies continue to battle with spyware – 92 percent of decision-makers reported that their organization had been infected with the malicious software. That was down one percent from the same time period in 2005.
The survey, released last week, showed similar stability in phishing attacks. Eighty-one percent of decision-makers said employees at their firms were victims of social engineering assaults through email or instant messenger, compared to 82 percent a year prior.
The most notable jump may be in awareness. Almost 50 percent of employees are aware of phishing, compared to just one-third last year. The survey attributes the rise to "increasing media coverage and nationwide attention."
Despite the improved awareness, employees need to get even smarter about the existing threats, said Dan Hubbard, senior director of security and technology research at Websense.
"Although employee awareness of web-based threats such as phishing attacks and keyloggers is improving, the vast majority of employees still do not know that they could fall prey to these types of social engineering tactics in the workplace," he said. "Organizations need to implement a proactive approach to web security, which includes both technology to block access to these types of infected websites and applications, as well as rigorous employee internet security education programs."