Businesses face many cyber threats in today’s volatile risk landscape, but malware and its adjunct ransomware are always top concerns for IT professionals. There’s a very good reason for that. Malware infections can cause massive damage and lead to major problems like lost revenue, bloated payroll hours, big incident response bills, loss of reputation, productivity problems and more. It’s even possible that a malware incident could drive a company out of business. An estimated 60% of companies that endure a cyberattack close within 6 months of the incident. Learning more about the types of malware threats that businesses face and how to defend against them can help IT professionals keep the companies that they secure out of trouble.
See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>
Malware Volume is Increasing
In a recent study, The State of Malware Threats by Dark Reading, it’s clear that malware is a growing problem. Just under 50% of the IT professionals surveyed said that their organizations experienced a year-over-year increase in malware volumes, up from 39% in last year’s survey. That malware is penetrating security far too frequently. Three-quarters of organizations experienced what they consider a major malware-related security breach over the previous 12 months, and 8% say they didn’t know if they experienced one or not.
Have Malware Threats Increased?
by % of respondents
|About the same||43%||36%|
The bright spot is that of the companies that said they had experienced a breach, about 30% said that a breach occurred less than once per year. Another 17% said they dealt with between one and two a year, 8% deal with a whopping three to 11 serious breaches a year and 6% of organizations contend with one every month. Shockingly, 14% say they experienced multiple major incidents every week, with 3% reporting a daily breach.
Is someone’s behavior suspicious? Learn to spot trouble fast with 5 Red Flags That Point to a Malicious Insider at Work. DOWNLOAD IT>>
What Makes Today’s Malware Threats Especially Challenging for IT Professionals?
Unfortunately, not only is malware volume growing, but malware is also becoming more difficult for IT professionals to detect. An estimated 65% of IT professionals surveyed categorized the malware threats they’ve seen in the past year to be harder to detect than in prior years. Malware is also growing more effective. Almost 60% of survey respondents said that the malware they’ve seen in the past year has been significantly more effective at breaching their defenses. Malware risk assessment and exploit analysis is a major ongoing battle that IT professionals cannot escape, slowing response times and snarling defensive activity. About 45% of respondents said that assessment and analysis is a major issue for them. Drilling deeper, 44% said that it is their biggest impediment to a quick response to malware threats. Almost 40% cited figuring out which applications and systems might be affected by a particular malware threat to be their biggest assessment challenge.
Biggest Challenges in Responding to New Malware Threats
in % of respondents
|Assessing the risk of the exploit||49%||44%|
|Determining which systems & applications are impacted||39%||34%|
|Developing a plan for remediation & patching||31%||35%|
|Analyzing the exploit to find out where it’s gone or going||18%||19%|
|Determining the attacker’s motivation||13%||16%|
Can you spot a phishing message? This infographic points out red flags to watch for to sniff them out! DOWNLOAD IT>>
What Tools Do IT Professionals Use to Detect Malware
IT professionals rely on an array of tools and sources to gather the threat intelligence that they need to mitigate threats like malware and ransomware. Over 50% of respondents said that they depend on automated malware-detection tools to alert them of a malware infection. Humans also play a major role in malware threat detection. Just under 20% of IT professionals disclosed that they are likely to detect malware threats when end users alert the security team about an issue, or when human analysts notice an anomaly or other indicator in telemetry and logs gathered from internal systems and security controls.
However, the vast majority of organizations are reliant on traditional threat intelligence services and feeds. A near-universal 94% of respondents said that threat intelligence services and feeds are valuable assets in helping them protect their organizations from new malware threats, and almost 40% say that they rely on those sources to learn about new zero-day threats and exploits. That finding is surprising as experts had predicted that instead of relying on those threat intelligence sources, companies would turn to information sharing and analysis centers (ISACs) for information about new and zero-day threats. However, just 16% of respondents said that they primarily learn of zero-day threats from an ISAC, while 52% responded that they typically get that kind of information from a vulnerability disclosure site.
Where Are IT Professionals Looking for Threat Intelligence?
by % of respondents
|A central vulnerability disclosure site||46%||52%|
|Threat intelligence feeds & services||36%||39%|
|Tech news sites||23%||21%|
|Vendor reports & blogs||21%||19%|
|ISACs & industry groups||9%||16%|
Get a step-by-step guide to building an effective security and phishing awareness training program. GET GUIDE>>
How Can Businesses Avoid Malware Nightmares?
Reduce the chance of malware trouble and mitigate other cyberattack risks with two innovative, powerful and affordable security solutions that you can rely on.
Security Awareness Training
CISA recently recommended that companies step up their security awareness training programs to combat the current flood of ransomware threats. It’s the right move to make – 84% of businesses in a recent survey said that security awareness training has reduced their phishing failure rates, making their employees better at spotting and stopping phishing.
BullPhish ID is the perfect solution to use to make that happen!
- A huge library of security and compliance training videos with 4 new lessons added a month!
- Choose from plug-and-play or customizable phishing training campaign kits
- Automation makes training painless for everyone1
Watch Out for Dark Web Danger
Cybercriminals can do a lot with a compromised credential, like steal data and deploy ransomware. Compromised credentials are easy to obtain on the dark web and they open so many doors. An estimated 60% of data breaches involved the improper use of credentials in 2021.
Dark Web ID is the answer.
- 24/7/365 monitoring using real-time, analyst-validated data
- Monitoring of business and personal credentials, including domains, IP addresses and email addresses
- Gain priceless peace of mind about dark web dangers
Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Is your password compromised? Find out in seconds!
Book your demo of Dark Web ID, BullPhish ID and Passly now!