A blind survey of 200 of malware analysts reveals that the majority acknowledge that they have participated in investigations or security incident response activities for data breaches that were never disclosed the affected organization.
This would indicate that the 621 reported data breaches in 2012 that were included in Verizon’s 2013 Data Breach Investigations Report were only a fraction of the total number of known incidents, leaving an untold number of potential victims in the dark.
Organizations who are least likely to have reported a major breach are companies with more than 500 employees, with 66% of the malware analysts surveyed indicating they worked on network intrusions that were never made public.
“While it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring,” said ThreatTrack CEO Julian Waits.
Other findings include:
- nearly 4 in 10 say lack of budget is the biggest challenge
- 67% indicate that malware complexity is a major factor
- Another 67% say the volume of malware-based attacks is overwhelming security efforts
- 58% blame anti-malware products for being ineffective
“Every day, malware becomes more sophisticated, and U.S. enterprises are constantly targeted for cyberespionage campaigns from overseas competitors and foreign governments,” Waits said.
“This study reveals that malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyberattacks, they also point out deficiencies in resources and tools.”
Read More Here…