IT Concerns About Targeted Malware Rising

When it comes to servers, IT and security professionals' concerns about targeted malware and data breaches are escalating while their confidence in their ability to identify and stop advanced threats is on the decline, according to a new survey by security firm Bit9.

"Targeted malware was the top security concern for the second year in a row," says Ilana Goddess, product marketing manager for Bit9, noting that 52.4 percent of survey respondents (up 15 percent from a year ago), cite targeted malware as their primary concern.

"The whole thing with targeted malware is that targeted threats are aimed at you," says Goddess. "They are the most difficult to defend against because it's like a virus that only affects you. And the attackers are not stopping. They'll persist until they get in whether it takes months or years. Antivirus isn't going to work because people haven't seen the signatures before."

In November and December of 2012, Bit9 polled 966 IT and security professionals worldwide for its second annual Server Security Survey. Most respondents (58 percent) administered up to 50 servers; 29 percent administered 100 to 500 servers; and 13 percent administered, on average, 2,000 servers. About one-half (51 percent) said they are running Windows as their primary platform (i.e., Windows comprises more than 75 percent of total servers); 12 percent said they are running Linux as their primary platform (up 13 percent from last year); 2 percent said they run Unix as their primary platform.

One-Quarter of Firms Have Been Victims of Targeted Malware

Goddess notes that it comes as no surprise that respondents again identified targeted malware and data breaches as a top server security concern, given the proliferation of such attacks in 2012. Attacks like Flame, Gauss, mini-Flame and the Flashback Trojan garnered significant media attention last year. Twenty-five percent of Bit9's respondents say they had been the victims of advanced malware (up 8 percent since 2012), while 18 percent said they didn't know whether they had been attacked (according to the F.B.I., two-thirds of breaches are detected by a third party). And according to security firm Mandiant, attackers have, on average, been in place for 416 days prior to detection.

At the same time, server data has become much more vulnerable to attack. Verizon's 2012 Data Breach Investigations report found that 94 percent of all data compromised in 2012 involved servers (an increase of 18 percent from 2011). Goddess says IT and security professionals are losing confidence in their ability to identify and thwart these advanced threats: Only 18 percent of respondents said they were very confident in their ability to stop advanced malware; 59 percent said they were somewhat confident, 20 percent said they were not confident (up from 10 percent in 2011) and 4 percent said they were unsure.

Security Pros Mistakenly Believe Virtual Servers Are More Secure

In addition to an increase in the use of Linux as the primary server platform, companies are increasingly going virtual. One-third of survey respondents say that more than 50 percent of their servers are virtual. Also, half of the respondents said they had deployed virtual desktops, are in the process of rolling them out or have plans to do so.

Goddess says many IT and security professionals believe that their virtual servers are more secure than their physical servers, despite a 2012 Gartner study that found 60 percent of virtualized servers were less secure than the physical servers they replaced.

"People think their virtual servers are more secure than their physical servers, but that's just not the case," Goddess says. "They're really the same vulnerabilities that you find elsewhere in physical servers, but somehow they think of virtual servers as not being as much on the frontline."

For instance, she says, many professionals think the frequent re-imaging of virtual servers protects them from advanced threats. However, she notes, these threats frequently get in and do their damage within 15 minutes, moving on to other areas quickly.

In fact, when asked to rank types of servers according to the risk they represent, only 6 percent of respondents considered virtual servers to be high risk. Most respondents (66 percent) felt Web servers were the most high risk; 38 percent felt file servers were high risk; 34 percent pointed to email servers; 26 percent cited domain controllers; 14 percent labeled application servers high risk; and 11 percent ranked databases as high risk.

Goddess says that may indicate that IT and security professionals are looking in the wrong direction. After all, the most valuable enterprise information is found on file servers (e.g., intellectual property), databases (e.g., customer information) and especially domain controllers (e.g., passwords, administrative rights).

IT and security professionals are also concerned about the administrative effort required by security solutions. When asked to rank their top concerns about server security, nearly 12 percent cited "too much administrative effort on security solution" as a top concern, ranking it even higher than an actual attack.

"These results highlight the need for greater control in identifying and stopping advanced attacks on valuable server resources-before they execute-while decreasing the security-related administrative workloads of IT and security professionals," said Brian Hazzard, vice president of product management for Bit9. "The key to securing enterprise servers-both physical and virtual-is to allow only trusted software to execute and prevent all other files from running."

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for Follow Thor on Twitter @ThorOlavsrud. Follow everything from on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Thor at

Read more about network security in CIO's Network Security Drilldown.

Join the CSO newsletter!

Error: Please check your email address.

Tags Network | Network Securityadvanced persistent threattargeted malwareNetworkingsecurityBit9data breachmalwarenetworkAPTadvanced threat

More about FacebookGartnerGoogleIT SecurityLinuxMicrosoftVerizonVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Thor Olavsrud

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place