According to the results of a recent survey of 315 North American IT security professionals at enterprise-class organizations, 62 percent of respondents said their endpoint security software is not effective for detecting zero-day and/or polymorphic malware, leaving them vulnerable to such attacks.

The survey, sponsored by Malwarebytes and conducted by Enterprise Strategy Group (ESG), also found that it takes 57 percent of respondents hours to detect that an IT asset has been compromised -- and for 19 percent, it takes days.

Seventy-four percent of enterprises have increased their security budget over the past 24 months in direct response to more sophisticated malware threats, and 85 percent of respondents are concerned about a massive cyber attack that could impact critical infrastructure, the economy, and/or national security.

"When it comes to managing malware risk, enterprises would be best served by implementing a layered approach using proactive and reactive lines of defense through their networks," ESG senior principal analyst Jon Oltsik said in a statement. "Antivirus software plays a key role in protecting organizations, but it should not be the only method used to deter malware attacks. Additionally, sometimes the biggest vulnerability in an organization is the computer users. Because employee actions can greatly impact computer security, educating employees on potential threats and how to avoid them should be made a priority."