https://www.idagent.com/blog/malware-is-a-growing-problem-raising-new-concerns-for-businesses/
Businesses face many cyber threats in today’s volatile risk landscape, but malware and its adjunct ransomware are always top concerns for IT professionals. There’s a very good reason for that. Malware infections can cause massive damage and lead to major problems like lost revenue, bloated payroll hours, big incident response bills, loss of reputation, productivity problems and more. It’s even possible that a malware incident could drive a company out of business. An estimated 60% of companies that endure a cyberattack close within 6 months of the incident. Learning more about the types of malware threats that businesses face and how to defend against them can help IT professionals keep the companies that they secure out of trouble.
Malware Volume Is Increasing
In a recent study, The State of Malware Threats by Dark Reading, it’s clear that malware is a growing problem. Just under 50% of the IT professionals surveyed said that their organizations experienced a year-over-year increase in malware volumes, up from 39% in last year’s survey. That malware is penetrating security far too frequently. Three-quarters of organizations experienced what they consider a major malware-related security breach over the previous 12 months, and 8% say they didn’t know if they experienced one or not.
Have Malware Threats Increased?
by % of respondents
2021 | 2022 | |
Increased significantly | 8% | 14% |
Increased slightly | 31% | 35% |
About the same | 43% | 36% |
Decreased slightly | 4% | 7% |
Decreased significantly | 3% | 3% |
Don’t know | 11% | 5% |
The bright spot is that of the companies that said they had experienced a breach, about 30% said that a breach occurred less than once per year. Another 17% said they dealt with between one and two a year, 8% deal with a whopping three to 11 serious breaches a year and 6% of organizations contend with one every month. Shockingly, 14% say they experienced multiple major incidents every week, with 3% reporting a daily breach.
What Makes Today’s Malware Threats Especially Challenging For IT Professionals?
Unfortunately, not only is malware volume growing, but malware is also becoming more difficult for IT professionals to detect. An estimated 65% of IT professionals surveyed categorized the malware threats they’ve seen in the past year to be harder to detect than in prior years. Malware is also growing more effective. Almost 60% of survey respondents said that the malware they’ve seen in the past year has been significantly more effective at breaching their defenses. Malware risk assessment and exploit analysis is a major ongoing battle that IT professionals cannot escape, slowing response times and snarling defensive activity. About 45% of respondents said that assessment and analysis is a major issue for them. Drilling deeper, 44% said that it is their biggest impediment to a quick response to malware threats. Almost 40% cited figuring out which applications and systems might be affected by a particular malware threat to be their biggest assessment challenge.
Biggest Challenges in Responding to New Malware Threats
in % of respondents
2021 | 2022 | |
Assessing the risk of the exploit | 49% | 44% |
Determining which systems & applications are impacted | 39% | 34% |
Developing a plan for remediation & patching | 31% | 35% |
Analyzing the exploit to find out where it’s gone or going | 18% | 19% |
Determining the attacker’s motivation | 13% | 16% |
What Tools Do IT Professionals Use To Detect Malware
IT professionals rely on an array of tools and sources to gather the threat intelligence that they need to mitigate threats like malware and ransomware. Over 50% of respondents said that they depend on automated malware-detection tools to alert them of a malware infection. Humans also play a major role in malware threat detection. Just under 20% of IT professionals disclosed that they are likely to detect malware threats when end users alert the security team about an issue, or when human analysts notice an anomaly or other indicator in telemetry and logs gathered from internal systems and security controls.
However, the vast majority of organizations are reliant on traditional threat intelligence services and feeds. A near-universal 94% of respondents said that threat intelligence services and feeds are valuable assets in helping them protect their organizations from new malware threats, and almost 40% say that they rely on those sources to learn about new zero-day threats and exploits. That finding is surprising as experts had predicted that instead of relying on those threat intelligence sources, companies would turn to information sharing and analysis centers (ISACs) for information about new and zero-day threats. However, just 16% of respondents said that they primarily learn of zero-day threats from an ISAC, while 52% responded that they typically get that kind of information from a vulnerability disclosure site.
Where Are IT Professionals Looking for Threat Intelligence?
by % of respondents
2021 | 2022 | |
A central vulnerability disclosure site | 46% | 52% |
Threat intelligence feeds & services | 36% | 39% |
Tech news sites | 23% | 21% |
Vendor reports & blogs | 21% | 19% |
ISACs & industry groups | 9% | 16% |
How Can Businesses Avoid Malware Nightmares?
Reduce the chance of malware trouble and mitigate other cyberattack risks with two innovative, powerful and affordable security solutions that you can rely on.
Security Awareness Training
CISA recently recommended that companies step up their security awareness training programs to combat the current flood of ransomware threats. It’s the right move to make – 84% of businesses in a recent survey said that security awareness training has reduced their phishing failure rates, making their employees better at spotting and stopping phishing.
Watch Out for Dark Web Danger
Cybercriminals can do a lot with a compromised credential, like steal data and deploy ransomware. Compromised credentials are easy to obtain on the dark web and they open so many doors. An estimated 60% of data breaches involved the improper use of credentials in 2021.