Long-Trusted Detection Technologies Increasingly Ineffective, Say 75%+ of IT and Security Professionals in Findings Released by Spikes Security and Ponemon Institute.
LOS GATOS, CA, February 2, 2015 – Spikes Security, the isolation security company, today announced the results of a sweeping survey conducted by the Ponemon Institute, pre-eminent data privacy and protection experts. "The Challenge of Preventing Browser-Borne Malware" underscores gaps in best practices and priorities, and ways to improve enterprise IT approaches to defend against web-borne malware, cited as the most rapidly growing enterprise data security threat. Among key findings: web-borne malware is likely to have infiltrated more than 75% of enterprises via inherently insecure browsers.
Ponemon surveyed 645 IT and IT security practitioners directly involved in their company's efforts to detect and contain malware at US businesses with an average of more than 14,000 employees.
"The findings of this research reveal that current solutions are not stopping the growth of web-borne malware," said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. "Almost all IT practitioners in our study agree that their existing security tools are not capable of completely detecting web-borne malware and the insecure web browser is a primary attack vector. Further, the findings are evidence of the need for a more effective solution to stop web-borne malware."
Although all of the companies surveyed deploy a multi-layer, defense-in-depth security architecture, these organizations still experienced an average of 51 security breaches over the past 12 months. This is due to the failure of detection-based security technologies in preventing browser-borne malware. Findings reveal the average cost to respond to and remediate just one security breach resulting from failed malware detection technology to be approximately $62,000 per breach, exclusive of fraud-related costs and impact on valuation. Ponemon estimates that such attacks and infections have cost participating organizations an average of $3.2 million to remediate a security breach caused by web-borne malware.
Other Key Findings:
"While the Web browser has become the most strategically important application on corporate desktops, it is also, unfortunately, the most vulnerable application in terms of being a delivery channel for malware leading to cyber attacks," said Branden Spikes, CEO, CTO, and Founder, Spikes Security. "What many organizations forget is that the browser is the only application that is permitted to download and execute code from a 3rd party location – any external web site. Every time you allow unknown code into your network, you put yourself and your business at risk. This is why browser isolation outside the network is so important. It is the only way to prevent this problem."
As a reflection of the technologies used today to protect organizations, 74 percent of those surveyed strongly agree or agree that traditional detection-based technologies are becoming ineffective in stopping these attacks. Additionally, only 31 percent of respondents strongly agree or agree that commercial browsers contain effective security tools for blocking web-borne malware.
Detailed Survey Findings and Analysis
A barrier to the detection and containment of malware is a lack of resources. Seventy-seven percent of respondents say it is certain or very likely their organizations have been infected by web-borne malware that was undetected.
Fifty-one percent of respondents say they are not receiving the resources or budget they need to effectively detect and contain this threat, and 49 percent say defending against web-borne malware is not a security priority. As a result, the majority of respondents (52 percent) rate their ability to detect and contain web-borne malware as very weak or weak.
To download the entire research report, and register for the February 25 webcast with the Ponemon Institute on this report, please visit http://goo.gl/xgvBJM.
About Ponemon Institute
Ponemon Institute conducts independent research and education that advances information security, data protection, privacy and responsible information management practices within businesses and governments throughout the world. Our mission is to conduct high quality, empirical studies on critical issues that affect the protection of information assets and IT infrastructure. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. www.ponemon.org.
About Spikes Security
Spikes Security is a venture-backed Silicon Valley start-up founded in 2012. The company is focused on delivering secure, scalable, high performance appliance and software solutions that empower businesses with the freedom to safely leverage the web without fear of cyber attacks. Its initial offering is AirGap™, a powerful browser security solution that prevents all browser-borne malware from entering corporate networks and infecting endpoints. www.spikes.com