Monday 11 November 2013

The Consequences of CEOs Surfing for Porn

ThreatTrack Security Malware Analysts
Malware analysts don't exactly have it easy. Even though they already protect their companies from external threats, employees easily hinder efforts to adequately defend the company from cyberattacks. ThreatTrack Security released a report revealing the internal challenges that prevent malware analysts from keeping their company networks threat-free.
The Tools and Confidence to Fight MalwareIt's not all bad news. Malware analysts are now better equipped to take on advanced cyber threats and respond quicker to attacks.
At least 38 percent of malware analysts admitted that it's gotten easier to defend their company's network from cyberattacks because they have the necessary tools to defend their organization. A handy weapon that malware analysts in larger companies have employed is an Incident Response Team (IRT). IRTs identify, react to, and remediate threats such as zero-day attacks and Advanced Persistent Threats (APTs).
Secret Hobbies of Senior Executives?Senior executives don't make their malware analysts' lives easy. Several malware infections that plague executives' devices are easily avoidable. A fair amount of companies' senior leaders get their devices infected by clicking on malicious links in a phishing email. Nearly 50 percent of the malware analysts asked said they've removed malware from a PC because of an infected USB drive or smartphone attached to the PC.
But wait, it gets better! Nearly 40 percent of malware analysts have removed malware from senior executives' devices after the leaders visited an infected pornographic website.
The Truth Behind Data Breaches
Malware analysts face an even greater issue than cleaning up their bosses' personal malware messes. Over 50 percent of the analysts included in the survey claimed that they've investigated or addressed a data breach that the company didn't disclose to customers, partners, or stakeholders. The study revealed that larger companies are three times as likely to not disclose data breaches than smaller ones.
Manufacturing and utility companies are the two industries most likely to not disclose data breaches; 79 percent of respondents admitted to keeping quiet about compromises. Over 50 percent of respondents in the IT and Telecom and healthcare industries also admitted to not revealing data breaches.
Forty-five percent of the malware analysts said that it takes them one to two hours to complete an analysis, while it takes between two and five hours for 39 percent. It can take several days for an analyst who has to analyze samples manually. Both the complexity and volume of malware attacks are the most difficult parts of defending an organization against advanced malware. It's a good idea for companies to use more automated malware analysis tools, like sandboxes. Sandboxes can complete malware sample analyses within minutes.
Words of Wisdom for Company LeadersThere's no need to make more unnecessary problems for malware analysts; they have enough on their plate protecting the company from external threats. Internal problems, like lending corporate PCs to family members or visiting pornographic websites, which lead to malware attacks, cause preventable problems for analysts. Undisclosed data breaches are both a disservice to customers and can inhibit analysts from finding solutions to the problem. It takes the combined effort of malware analysts, company leaders, and employees to protect enterprises against cyberattacks.

No comments:

Post a Comment