From: ZDNet
Summary: According to new research, enterprise malware analysts often address data breaches which are kept under wraps by companies.
By Charlie Osborne for Zero Day
Over half of data breaches suffered by U.S. companies go undisclosed, according to enterprise malware analysts.
A new ThreatTrack Security survey found that 57 percent of malware analysts working on enterprise-related data breaches have addressed security problems that U.S. firms failed to disclose. Due to company dishonesty — perhaps in order to save reputations or avoid difficult questions by customers and investors — it may be that data breaches are more widespread than first believed, and businesses are even further behind than thought in the fight against cyberattackers.
Security vulnerabilities and cyberattacks have become critical problems for companies worldwide. If breached, a company network could become a treasure trove for hackers, potentially full of customer details — including telephone numbers, addresses and card details — sensitive corporate data, or information which impacts national infrastructure security. A number of high-profile breaches have taken place this year, including LivingSocial, Evernote and the Federal Reserve.
Verizon’s 2013 Data Breach Investigations Report said that 621 data breaches were confirmed in 2012. However, if considered in tandem with ThreatTrack’s data which says 66 percent of malware analysts working with 500+ employee enterprises have dealt with undisclosed security problems, the confirmed 621 attack number may be significantly underreported.
The independent blind survey of 200 security professionals within U.S. companies was conducted by Opinion Matters on behalf of the security company in October this year.
“While it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring,” said ThreatTrack CEO Julian Waits. “Every day, malware becomes more sophisticated, and U.S. enterprises are constantly targeted for cyber espionage campaigns from overseas competitors and foreign governments. This study reveals that malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyber-attacks, they also point out deficiencies in resources and tools.”
Leave a Reply