Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Breach Detection, Prevention Harder Than 2 Years Ago Despite Security Spending: Survey

A new report from Enterprise Strategy Group found that many enterprises feel breach prevention and detection is more difficult today than two years ago.

A new report from Enterprise Strategy Group found that many enterprises feel breach prevention and detection is more difficult today than two years ago.

According to a survey of 200 IT and information security professionals, 75 percent agreed that detecting and preventing a breach has become harder. Fifty-nine percent said malware has grown more sophisticated during the last 24 months and presents fresh challenges – even though the vast majority (87 percent) said they have increased endpoint security spending during the same period.

The survey also revealed that 54 percent felt that it was impossible to keep up with the amount of alerts related to endpoint security threats and breaches.

“Despite efforts to stay on top of patches and updates – and spending more on endpoint security products that should detect malware – it is obvious that IT organizations are becoming frustrated in their attempts to stay ahead of cyber criminals,” said Jon Oltsik, senior principal analyst with the Enterprise Strategy Group, in a statement.

A particular focus of the survey was the subject of browser-based breaches. Eighty-one percent of organizations that experienced a security breach within the past 24 months that tied it to an attack that was introduced into the network via a browser classified the time it took to remediate the breach as “very significant” or “significant.”

Some 82 percent of those surveyed said they were concerned about files containing malicious content downloaded via browsers. Eighty-five percent reported that their IT departments work to keep browsers patched, and 84 percent monitor browser configurations for vulnerabilities.

Ninety-two percent said they would characterize their organization as being “very aggressive” or “somewhat aggressive” in terms of their willingness to test and adopt new types of cybersecurity technologies.

“The common web browser is a malware distribution system for advanced persistent threats,” Branden Spikes, CEO and CTO of Spikes Security, which commissioned the study, said in a statement. “It’s simultaneously the most ubiquitous and strategically important application in the enterprise, so naturally it has become the focus for hackers. Every click can potentially place the network and the organization at risk.”

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.