IT Uneasy as Malware Attacks Grow
New study reveals that IT organizations feel less secure than they did last year as malware attacks are on the rise.
A new study, conducted by the Ponemon Institute and commissioned by endpoint security specialist Lumension, found that 68 percent of organizations acknowledge that their networks are less secure today than they were a year ago.
The greatest threat is malware. According to the State of Endpoints 2010 study, 43 percent of the 782 respondents have seen a significant increase in malware incidents. In the past, the major threat was from viruses, but now, "IT risk is definitely shifting," said C. Edward Brice, vice president of marketing, Lumension. "Malware is up."
More than a third of the organizations surveyed reported at least 50 malware attacks every month.
While 98 percent of organizations say they are using anti-virus protection, they are not implementing new technologies, such as application whitelisting, leaving them vulnerable to Zero-Day attacks via endpoint devices and third-party applications.
A Zero-Day attack occurs when a hacker takes advantage of a security hole that is unknown or undisclosed to the software developer. It is the window between when a vulnerability is discovered by a hacker and when the software developer fixes it.
The most effective way to prevent Zero-Day attacks is to implement application whitelisting, because it only allows known and safe applications access to the endpoint. According to the survey, only 29 percent of respondents use application whitelisting.
"Probably most surprising this year is that companies are doing themselves no favors by not using the technologies they themselves have identified as most effective at combating endpoint security risks and threats," said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute.
Brice said that application whitelisting is more effective than it used to be. "We have a huge education job," he said of teaching IT professionals and executives about how important whitelisting is today and how much it has improved over the last couple of years. One way Lumension is hoping to spread the word about application whitelisting is with a new Web site called IntelligentWhiteListing.com.
"The time is now to rethink the endpoint security model and transition to a defense-in-depth approach that includes the new generation of application whitelisting technologies," Pat Clawson blogged on IntelligentWhiteListing.com. "Advances in application control and whitelisting have added new levels of flexibility through trusted change engines and whitelist management can integrate with other tools."
According to the survey, the top three challenges facing IT are preventing applications from being installed, discovering which applications have been installed, and ensuring applications are patched. One-third of all organizations allow any application to be installed on any endpoint device, while 38 percent of IT departments only allow sanctioned applications to be installed. However, they often lack the ability to enforce that policy.
Another growing problem for IT security pros is the increasing number of remote users. Fifty percent of respondents ranked remote users as the greatest challenge to security.
Even though the threats continue to change, network visibility remains one of the most important tools for IT. Network administrators need to be able to see what is happening on their network; if they are plodding through their day-to-day operations with a blindfold on, they will spend all of their time putting out fires. However, according to the survey, only 33 percent of respondents have the ability to discover all applications in use on the network. The problem is only being compounded by an ever-increasing number of malware attacks, the adoption of more Web-based applications, and more remote users accessing the network.
IT's ability to mitigate risk and improve security is suffering as the number of attacks increases and network visibility decreases.
"There is a real need to put the appropriate technologies and personnel in place to best-position organizations of all sizes and in all industries for success in the ongoing battle to ward off cyber threats as we head into 2011," Ponemon said.
November 17, 2010