The growing number of flaws in Web browsers is viewed as the biggest endpoint security headache by today’s IT decision-makers, according to a survey of 685 IT decision-makers by security specialist Malwarebytes.
With the number of exploitable browser vulnerabilities accelerating this year, close to three-quarters (72 percent) of the survey respondents said this makes security difficult in their organization, more so than any other issue.
Despite being the least prevalent specific threat in terms of overall numbers, those who did experience ransomware rated it as most severe in terms of impact, beating out advanced persistent threats (APTs).
“The biggest surprise was the severity at which ransomware damaged operations and information for so many organizations. In fact, the last year has seen a decrease in new and novel types of ransomware while we have seen the emergence of the single worst one of them all, Cryptolocker,” Adam Kujawa, head of malware intelligence at Malwarebytes, told eWEEK. “Usually variants and copycats of malware are either done by competing cybercrime organizations or by the different customers of a malware development suite, sold by the original developers.”
Kujawa explained that Cryptolocker didn’t have many copycats and therefore it appears that a coordinated attack by a single, intelligent and resourceful entity can actually be more dangerous than having similar malware in the hands of dozens of groups.
The survey also revealed growing concerns around traditional security suites, as an overwhelming majority of respondents (84 percent) agreed that traditional antivirus has become less effective in the face of modern threats.
This has seemingly forced those in charge of security budgets to consider a layered approach, with 78 percent of businesses questioned planning to deploy multiple endpoint solutions by the end of 2015.
“One thing that curbs an organization’s efforts to protect themselves from being exploited is the presence of zero-day vulnerabilities. Because software vendors don’t know about them, organizations don’t either, and no patches are available to address them,” Josh Cannell, malware intelligence analyst at Malwarebytes, told eWEEK. “The only way to comprehensively protect against these vulnerabilities is by using a security solution that acts proactively to combat these threats, and there are few options available that do this effectively.”
The research also suggested that enterprise IT teams still discern the largest impact from such threats to be the increased time spent at help desks, with 64 percent saying this was the biggest issue, followed closely by lost employee productivity.
“Businesses can expect to see continuing advancements to ransomware. As the research concluded, ransomware had the most severe impact on organizations surveyed,” Cannell said. “Web exploits also drop ransomware malware as a payload, and it seems likely that the amount delivered to victims will increase as this type of malware continues to advance and become more effective.”
Overall, 82 percent of all organizations surveyed said they have experienced at least one online attack in the last year alone, with the average company being subjected to three, all of which took a severe toll on help desks and employee productivity.