Connect with us

Hi, what are you looking for?


Incident Response

Report: Roughly One-in-Ten Devices Connecting to Corporate Networks May Be Infected

A survey of IT pros and executives from Brazil, Germany, U.K., Hong Kong and the United States, respondents paints a bleak picture of security.

A survey of IT pros and executives from Brazil, Germany, U.K., Hong Kong and the United States, respondents paints a bleak picture of security.

A survey of IT pros and executives from Brazil, Germany, U.K., Hong Kong and the United States, respondents painted a bleak picture of security. A new survey of C-level executives and IT security administrators reports that an estimated 11 percent of machines and mobile devices connecting to the networks of U.S. participants are infected with malware.

The study, which was commissioned by Check Point Software Technologies, fielded answers from more than 2,600 participants from the U.S., U.K., Hong Kong, Brazil and Germany. According to the report, respondents from Germany and the United States are believed to have had the smallest percentages of infections, with Germany coming in at an estimated nine percent. In the U.K., Hong Kong and Brazil, the estimated percentages were 17, 25 and 23, respectively.

Enterprise NetworksAround the globe, the survey found, the most worrisome element of security is the use of mobile devices by employees.

“BYOD (bring-your-own-device) is a relatively new issue -past few years – that security professionals have had to deal with and this comes out as the number one worry for all countries surveyed,” said Scott Emo, head of software blade product marketing at Check Point. “Security professionals were used to being able to manage and control endpoints accessing their data, and BYOD has put that paradigm on its head.”

“Mobile device owners must be educated by their companies about new mobile threats and how employees can protect themselves, their mobile devices and therefore their companies,” he added.”Companies must also put protection in place to ensure that any data that is accessed via mobile devices remains safe.”

RelatedSenior Corporate Execs Failing in Cyber Risk Management

The survey, which was performed by the Ponemon Institute, found that businesses are not universally running training or awareness programs to prevent targeted attacks, with only 64 percent saying they do so. The price of a cyber attack however remains costly. When asked how much they thought a cyber attack would cost their company – including everything from investigations to forensics to investments in technology – U.S. respondents estimated the amount was $276,000. German respondents put the figure at $298,000, while respondents from Brazil estimated it would cost them approximately $106,000.

Advertisement. Scroll to continue reading.

Following investigations into cyber-attacks, the majority of those surveyed (65 percent) said financial fraud as the cybercriminal’s primary motivation, followed by attempts to disrupt business operations (45%) and theft of customer data (45%). Just five percent said the attacks were driven by political or ideological agendas.

According to the survey, the average number of attacks per week per organization in the U.S. was 79. In Germany, respondents reported an average of 82 attacks against their organizations. In the UK, the average was 68 per week.

Headlining the list of threats were denial-of-service attacks and SQL injection. When asked what the most serious attacks they experienced in the last two years were, 54 percent of the U.S. participants said SQL injection, while 11 percent cited DDoS.

“Companies are constantly facing new and costly security risks from both internal and external sources that can jeopardize the business,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “While the types of threats and level of concern companies have may vary across regions, the good news is that security awareness is rising. Across the board, C-level executives reported high levels of concern about targeted attacks and planned to implement security precautions, technology and training to mitigate the risk of targeted attacks.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.