Connect with us

Hi, what are you looking for?


Malware & Threats

Breach Detection, Prevention Harder Than 2 Years Ago Despite Security Spending: Survey

A new report from Enterprise Strategy Group found that many enterprises feel breach prevention and detection is more difficult today than two years ago.

A new report from Enterprise Strategy Group found that many enterprises feel breach prevention and detection is more difficult today than two years ago.

According to a survey of 200 IT and information security professionals, 75 percent agreed that detecting and preventing a breach has become harder. Fifty-nine percent said malware has grown more sophisticated during the last 24 months and presents fresh challenges – even though the vast majority (87 percent) said they have increased endpoint security spending during the same period.

The survey also revealed that 54 percent felt that it was impossible to keep up with the amount of alerts related to endpoint security threats and breaches.

“Despite efforts to stay on top of patches and updates – and spending more on endpoint security products that should detect malware – it is obvious that IT organizations are becoming frustrated in their attempts to stay ahead of cyber criminals,” said Jon Oltsik, senior principal analyst with the Enterprise Strategy Group, in a statement.

A particular focus of the survey was the subject of browser-based breaches. Eighty-one percent of organizations that experienced a security breach within the past 24 months that tied it to an attack that was introduced into the network via a browser classified the time it took to remediate the breach as “very significant” or “significant.”

Some 82 percent of those surveyed said they were concerned about files containing malicious content downloaded via browsers. Eighty-five percent reported that their IT departments work to keep browsers patched, and 84 percent monitor browser configurations for vulnerabilities.

Ninety-two percent said they would characterize their organization as being “very aggressive” or “somewhat aggressive” in terms of their willingness to test and adopt new types of cybersecurity technologies.

“The common web browser is a malware distribution system for advanced persistent threats,” Branden Spikes, CEO and CTO of Spikes Security, which commissioned the study, said in a statement. “It’s simultaneously the most ubiquitous and strategically important application in the enterprise, so naturally it has become the focus for hackers. Every click can potentially place the network and the organization at risk.”

Advertisement. Scroll to continue reading.
Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.