Why companies should seek help in malware detection

Companies have shortened the amount of time between malware infection and discovery, but too few organizations detect the breach on their own, a security report found.

The median time between intrusion and detection was 87 days, while the median from detection to containment was seven days, Trustwave found in its 2014 report released Wednesday. The findings were based on 691 data breach investigations conducted over the last year.

Until the latest report, data-protection vendor Trustwave had used average times between infection, detection and containment. On that basis, the time between intrusion and detection was 134 days, a reduction of two-and-a-half months from 2013.

Nevertheless, self-detection of malware remained low at 29 percent, the study found. The majority of organizations were notified of a possible infection by third parties, such as a regulatory body, bank, credit-card company, law enforcement, customer or partner.

"That's just a horrible statistic in general," Karl Sigler, manager of threat intelligence for Trustwave, said.

Once aware of the breach, companies worked quickly to contain it, as the seven-day median shows, Sigler said. Two-thirds of the organizations in the study contained the malware in less than 10 days.

"That's a phenomenal statistic compared to in the past," Sigler said. "Sometimes breaches would take months to actually contain."

Companies' failure to detect breaches on their own is typically due to poor configuration of intrusion detection systems, Sigler said. Organizations also fail to make good use of logs from security systems, servers and other network components to detect anomalies that could indicate an infection.

A lot of companies have the products, but lack the expertise for monitoring network traffic and logs.

"A lot of companies still seem to be under the impression that they can purchase a product and they're secure in some fashion," Sigler said. "Obviously, no product is magic and no product is going to be a silver bullet."

Security appliance vendor Check Point Software Technologies released a report this month that drew similar conclusions. The vendor found that 84 percent of the organizations studied have systems infected with malware and nearly three quarters had at least one bot on their network.

While it's true that some malware does not present a threat, detection is the only way to make that determination, experts say.

Trustwave found an increase in the number of companies using third parties to manage security and perform code auditing and penetration testing, Sigler said. The study found that the number of breached organizations with outsourced security fell to 46 percent, a decrease of 17 percent from 2012.

More than half of data-theft incidents involved payment card data, either from e-commerce sites or electronic cash registers, Trustwave found. However, the number of cases that resulted in the loss of sensitive information, such as financial credentials, internal communications and other personally identifiable information, rose 33 percent.

"If this data set speaks to broader trends, it appears that attackers are more aggressively setting their sights on other types of confidential data, and businesses that don't process payment cards should prepare to take action," the report said.


Stories by Antone Gonsalves
