The findings come from a new Cost of Malware Containment report, commissioned by Damballa, a leader in automated breach detection, which surveyed 551 IT and IT security practitioners across EMEA. The report found that organisations are dealing with nearly 10,000 malware alerts per week; however, only 22% of these are considered reliable. More worryingly, only a small fraction – 3.5% – of all alerts are deemed worthy of further investigation. This suggests that IT teams are struggling with the resources, or expertise, to block or detect serious malware.
With the latest reports revealing that 90% of large companies have suffered a data breach over the last year – at an estimated cost of between £1.46 million and £3.14 million* – the Ponemon findings highlight the importance of focussing efforts on finding and responding to the ‘true positive’, active infections, to mitigate security risks.
Key findings:
· Malware infections have become more severe in the past year: Fifty-seven percent of respondents say the severity of malware infections has significantly increased (14%) or increased (43%) in the past year. Nearly half (47%) of respondents report that volume has significantly increased or increased in the past 12 months.
· Many organisations have an unstructured approach to malware containment: Whilst the severity of infections is rising, nearly a quarter of respondents – 23% – report that they have an “ad hoc” approach to containment, with 38% responding that there is no one person accountable for the containment of malware.
· Most organisations do not have automated tools to capture intelligence: Only 37% of EMEA respondents reported that their organisation has automated tools that capture intelligence and evaluate the true threat driven by malware. Organisations that do have automated tools report that an average of 44% of malware containment does not require human input or intervention and can be handled by these automated tools.
Stephen Newman, CTO of Damballa, noted, “These findings are significant as they highlight the real impact of false malware intelligence. Not only are teams devoting valuable time and resources to hunting down the false positives but they’re also in danger of missing the real infections, which could have a devastating impact.”
He continues: “The severity and frequency of attacks are increasing, so the focus really needs to be on building better intelligence, which means that organisations will have the confidence of knowing exactly where the real threats are. This means that teams can direct their efforts where they are most needed: on finding and quickly remediating the active infections.”