Organisations lack visibility on malware attacks, survey confirms

Many organisations affected by malware in the last year either had no idea how it had bypassed their security or simply suspected their expensively-assembled antivirus defences had failed to detect it, a survey by reputation vendor Bit9 has found.

Reading between the lines of the firm’s 2013 Cyber Security Survey, an unexpected fatalism starts to emerge from the numbers. 

It was not a huge surprise that seven out of 10 of the 250 US and UK IT managers who responded identified the PC (i.e. not tablets or smart phones) as the soft underbelly. That much has been known for some time; security staff understand that Windows is seen by cybercriminals as the most easily-prised door into any organisation.

What was more disquieting was that of the 47% that had experienced at least one cyberattack, a surprising number seemed unable to work out how malware might have been used in such events. Forty per cent believed it had bypassed antivirus, 27% that it bypassed network-level security, 25% that it had arrived on a USB device, 17% while a mobile device (i.e. a laptop) was travelling, while 31% admitted they had no idea.

Just over half rated their organisation’s ability to detect suspicious activity before damage was done as being either average, deficient, or in 2% of cases, "non-existent." The problem is visibility. Only forty-two per cent of respondents believed their organisation’s ability to monitor files in real-time was good or excellent.

Similarly, many admitted they might struggle to work out which endpoints had been affected in an outbreak, whether in real time or when conducting a retrospective forensic investigation.

"The 2013 Cyber Security Survey shows proof that traditional, signature-based security defences cannot keep up with today’s advanced threats and malware," said Bit9 CSO, Nick Levay.

"These statistics are in line with what we hear from our customers: security teams have limited to no visibility into what is happening on their endpoints and servers. If malware is suspected, there is no way of knowing which machine it’s running on, if it executed or what it is doing," he said.

"There are often no historical details to determine when a threat arrived and executed, leading to slow remediation."

According to Levay, the most astonishing statistic was that 13% of those surveyed didn’t even know whether they had experienced a cyberattack or not. Many IT departments were simply struggling to defend themselves using a first-generation security model based on antivirus.

Bit9’s answer is whitelisting technology. It would be an omission in story on the firm not to mention that it had its own security embarrassment earlier this year when an attacker was able to hack one of its digital certificates to install malware at three customers.

"The fact that this happened – even to us – shows that the threat from malicious actors is very real, extremely sophisticated, and that all of us must be vigilant.  We are confident that the steps we have taken will address this incident while preventing a similar issue from occurring again," Bit9 said at the time.

IDG News Service

Read More: malware