With the amount of data that enterprise organizations need to protect, investing in top-of-the-line, maximum protection IT security systems would seem to be an obvious choice. In reality, though, most large companies aren't adequately guarding themselves against malware threats. According to a recent research study by the Enterprise Strategy Group, 49 percent of enterprise organizations have been the victim of a successful cyberattack in the last two years.
The ESG study, commissioned by anti-malware technology company Malwarebytes, surveyed 315 North America-based IT security professionals at enterprise-class organizations that have at least 1,000 employees. More than 60 percent of respondents agreed that single-layer endpoint security software is ineffective for detecting zero-day and/or polymorphic malware. As cyberthreats become more and more sophisticated, increasing security budgets and upgrading to multilayer detection systems are the only way to ensure complete protection, security professionals say.
"Most anti-virus product will miss nine out of 10 zero-day malware threats, and having a layered approach blocks advanced threats that traditional anti-virus scanners may fail to detect," said Marcin Kleczynski, CEO of Malwarebytes.
Enterprise organizations aren't the only companies that should be concerned about cybersecurity. Small business owners that use computer software in their daily operations should always keep the potential for malware threats in mind. The ESG study revealed that the most likely cause of successful attacks is lack of knowledge about cybersecurity risks. Employees who unwittingly click on an infected URL or email attachment — which can happen in a business of any size —often are responsible for introducing malware into an organization's system.
Of the survey respondents whose organizations suffered a successful malware attack, 29 percent believe that the attacks were due to the increasing use of social networks. In addition to bolstering existing anti-virus software, companies should make sure their employees can recognize cyberthreats in order to maximize IT security.
"Sometimes the biggest vulnerability in an organization is the computer users," said Jon Oltsik, ESG's senior principal analyst. "Because employee actions can greatly impact computer security, educating employees on potential threats and how to avoid them should be made a priority."