I'm pleased to announce that, in cooperation with the Ponemon Institute, we have just published a new research report that I think you'll find very interesting. The focus of the report is on browser-borne malware – specifically, the failure of traditional detection-based security technologies in stopping these insidious attacks.
OK, so maybe that part is not surprising. If you've been reading this blog for a while, you've already seen many examples of successful, costly, highly disruptive breaches that started with undetectable browser-borne malware infecting endpoint devices.
But this new research report, based on data collected from 645 organizations with an average of 14,000 employees, revealed a deeper, darker story. I can summarize the findings by saying the problem is all about Pain, Desperation, and Resistance. Let me expand on each of these 3 themes.
Pain – The organizations surveyed reported an average of 51 breaches from successful browser-borne malware attacks during the previous 12 months. That's more than four every month! And every time it happens, they estimate the cost to the business is $62,000. So, across all respondents, they spend $3.2 million or more annually to fix the mess that their detection-based, defense-in-depth architecture failed to prevent. Again, maybe no big surprises, but certainly validation of a huge security problem.
Desperation – OK, this is where it gets interesting. Because these survey respondents are clearly experiencing the pain of browser-borne malware, they are also desperate to solve this problem. And when I say "solve," I don't mean another half-baked detection product that will stop 98% of browser malware. I'm talking about a solution that completely eliminates the problem. So get this – nearly 70% of respondents said they would spend more than half of their IT security budget on a solution that could effectively eliminate 100% of all browser-borne malware! Can you sense the desperation there? These companies are fed up with post-attack fire drills. They want the problem gone and they're willing to pay a premium for that.
Resistance – Now this is where it all gets weird. IT organizations know they have a huge browser malware problem, and they know they want it solved ASAP. And it just so happens that this problem can be solved right now by isolating the browser outside the network, thus preventing all browser malware from entering the network. Great, so what's the problem? Well, apparently 65% of respondents were honest enough to admit they must first "overcome psychological dependency on traditional detection methods." What!! OK, change can be difficult for some people. But in this case, resistance to change and innovation can be very detrimental and costly to the business. It's time for IT organizations to overcome their resistance to change and their unhealthy dependency on obsolete technologies.
Want to learn more? We invite you to register and download a complimentary copy of the entire report on our web site. Even better, join us on February 25 for a live webcast with Larry Ponemon as we review the data in more detail.