Businesses Lack Security Knowledge, Vulnerable to Malware Threats
The majority of respondents have seen an uptick in more sophisticated and targeted malware attacks over the last 24 months.The most likely avenue for a malware attack, and cause for successful malware attacks, is lack of user knowledge about cyber-security risks, according to a survey of 315 North American-based IT security professionals working at enterprise-class organizations (1,000 employees or more) sponsored by Malwarebytes and conducted by Enterprise Strategy Group (ESG). The study also revealed that enterprise organizations are seeing an increase in more sophisticated malware and are making it a strategic priority to add new layers of endpoint security to protect their organizations against advanced zero-day and polymorphic threats commonly used for targeted attacks. "As cyber-attacks become more sophisticated, IT security professionals are realizing that relying on only one layer of endpoint security isn't enough. Each endpoint needs multiple layers of malware detection to ensure complete protection," Marcin Kleczynski, CEO of Malwarebytes, said in a statement. "The reality is, most antivirus products will miss nine out of 10 zero-day malware threats, and having a layered approach blocks advanced threats that traditional antivirus scanners may fail to detect." The ESG report found the majority of respondents have seen an uptick in more sophisticated and targeted malware attacks over the last 24 months. However, 62 percent of organizations surveyed said endpoint security software is not effective for detecting zero-day and/or polymorphic malware, which leaves them vulnerable to these attacks.
Likely avenues for malware to compromise an organization’s system included employees opening an infected e-mail attachment and unwittingly clicking on an infected URL while surfing the Web. Survey respondents indicated an employee clicking on an infected URL posted within an e-mail was the most likely vector for malware to infiltrate their organizations.