Browser Malware, Operational Hurdles Complicate IT Security

The survey found that 82 percent of respondents are concerned about files containing malicious content downloaded through browsers.

it security and spikes

Breach prevention and detection is more difficult today compared to two years ago, according to 75 percent of businesses surveyed by Spikes Security.

Of that majority, fifty-nine percent report that malware has grown more sophisticated over the last two years. Eighty-seven percent of all organizations surveyed have increased endpoint protection spending in the last two years.

Spikes surveyed 200 IT and information security professionals responsible for or familiar with their organization’s security requirements for browsers deployed on endpoint devices. It found that 84 percent of organizations commonly allow multiple browsers to be deployed on endpoints, which are primary vectors for targeted cyber- attacks.

"This may sound odd, but cyber criminals often don’t get enough credit for their technical expertise. It is obviously from many successful cyber-attacks over the last 12 months that we are dealing with brilliant software developers who have the ability to create and implement very complex, targeted attacks," Franklyn Jones, chief marketing officer of Spikes Security, told eWEEK. "And they only have to succeed once to accomplish their mission."

Jones said this puts businesses in a defensive position, always trying to identify and prevent these attacks before they happen.

"The problem is that they’re dealing with threats that have never been seen before," he said. "So you do detect the undetectable? Unfortunately, you can’t."

Eight-five percent of respondents reported that their IT departments work to keep browsers and patches updated, and 84 percent monitor browser configurations for vulnerabilities.

The survey also found that 82 percent of businesses are concerned about files containing malicious content downloaded through browsers.

"The proliferation of mobile devices has essentially created a 'boundary-less' enterprise where employees can now access insecure content from insecure locations using insecure devices," Jones explained. "IT organizations are beginning to implement stricter security policies and protections to minimize the risks associated with this new reality. But the hardest part is trying to control human behavior, which is a huge root cause of security breaches."

The vast majority (92 percent) of IT respondents said they would characterize their organization as being "very aggressive" or "somewhat aggressive" in terms of their willingness to test and adopt new types of cyber -security technologies, and 90 percent of respondents are familiar with next-generation technologies that isolate Web sessions, and malware, outside the network.

"In the last couple of years, we’ve seen the security pendulum gradually swing from proactive prevention to reactive response. In other words, it seems like some businesses have given up on stopping threats, and now focus more energy on finding and fixing problems after a successful attack. That seems a bit insane, but we agree something has to change," Jones said. "The traditional approaches to network security don’t work anymore, which means it’s time to think differently. This is where isolation technology has shown real value in helping to shut down attack vectors."