The boss may know better -- the dreaded do as I say, not as I do -- but 40% of malware infections on corporate senior executives' PCs came from visiting infected porn sites. According to a blind survey of 200 security professionals, more than half, or 57%, have investigated data breaches that were kept a secret from customers, partners or stakeholders.
As if IT pros don't have enough to do, it's often the boss who is causing the problems. The survey [pdf], commissioned by ThreatTrack, found how bosses, or senior leadership, end up with malware on their PC or mobile device:
- 56% clicked on a malicious link in a phishing email.
- 47% attached an infected device to a corporate PC.
- 45% let a family member use a company computer.
- 40% surfed to a malware-infected porn site.
- 33% installed a malicious app.
Smaller companies with fewer than 50 employees are the least likely to hide a data breach, but still 18% from smaller corporations are not disclosed. Two-thirds, or 66%, of U.S. corporations with more than 500 employees do not report data breaches. The survey of IT professionals found that utility and manufacturing companies are the most likely industries to hide that they've been hacked. Breaches go unreported in:
- 79% of manufacturing and utility companies
- 57% of IT and Telecom industries
- 56% of healthcare
Although 40% of corporate IT professionals who worked on a data breach reported they do not have enough highly skilled personnel on staff to combat cyberattacks, 58% blame ineffective anti-malware solutions. 35% of IT pros responded that the lack of automated malware analysis tools is a "pain point" when it comes to defending against sophisticated threats.
Time it takes to analyze new malware
Only 4% of security professionals can analyze a new malware sample in less than an hour. 45% said it takes between one and two hours; 39% said the analysis requires two to five hours; 14% reported it takes between five and eight hours to analyze.
IT security budgets and data breaches
The size of IT security budgets also plays a part in data breaches that go unreported. 76% of U.S. enterprises that spend between $500,000 and $10 million on IT security do not disclose data breaches to customers. 37.5% of corporations with an IT security budget of over $10 million do not report data breaches. 30% of companies that spend less than $500,000 on IT security do not disclose breaches.
"Not only are unreported compromises doing a disservice to customers, they may even be inhibiting proper attention that needs to be placed on the cybersecurity industry in general," concluded ThreatTrack [pdf]. Furthermore, security pros "face enough challenges trying to protect their companies’ networks from external threats. They certainly don’t need internal forces hindering those efforts. Yet that seems to be what’s happening, with senior executives who let family members use corporate PCs and can’t keep away from pornographic websites."