IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Hailey Lynne McKeefry has spent more than 23 years writing about technology and business. She began her career as an editor at such periodicals as Macintosh News, EBN, and Windows Magazine. After more than 16 years as a freelance journalist, she has written about a broad variety of technology topics, with a focus on security, storage, healthcare, and SMBs. Living in the heart of the Silicon Valley, Hailey has written for many top business-to-business publications and Websites including Information Week, CRN, eWeek, Channel Insider, Channel Pro, Redmond Channel Partner, Home Office Computing, and TechTarget. She graduated from the University of California at Santa Cruz with a BA in literature.
Ordinarily, we talk about growth as a good thing. If the economy grows, it’s excellent news, for example. On the malware front, though, huge growth does not make for happy headlines.
By all measures, the malware news is pretty much all bad. “Every type of malware is growing unabated and shows no sign of slowing down,” Deepak Thakkar, director product marketing, datacenter security solutions at McAfee, told IFSEC Global in an interview. “It is becoming critical that we study the nature of malware.”
Viruses, Trojans, worms, spyware, adware, advanced persistent threats (APTs), and crimeware, are all growing. In fact, McAfee catalogues more than 100,000 new malware samples each day, a 50 percent growth over last year. “You name it, it’s happening,” says Thakkar. “These threats are increasing in volume and getting more sophisticated.”
The rise in malware itself would not be worrisome, if not for the fact that the rate that important and sensitive data is exiting the network weren’t following a similar trajectory.
Today, most users report that there is some sort of security solution on their systems. In fact, only 2.9 percent of users currently have no security product installed, according to the “IT Security Survey 2013” from AV Comparatives released last month, which surveyed more than 4,000 computer users worldwide. Worldwide, 55.2 percent pay for their security solutions, while 41.0 percent use a free antivirus or Internet security solution.
Nearly three quarters (72.7 percent) said that high protection levels are most important, while 27.3 pointed to low impact on system performance. Detection rate, malware removal/cleaning capabilities, heuristic detection, and protection while surfing the web top the list of critical security capabilities, according to AV Comparatives.
Unfortunately, a single-point solution probably isn’t enough to adequately protect the user, the organization, and its critical data. “You have to take a multipronged approach,” warns Thakkar. “Small and midsized businesses are spending time and money on security, but the bad guys are doing a better job of staying ahead of the curve compared to point solutions.”
Further, organizations need to leverage a combination of holistic technology, end-user training, and strong and enforceable policy to start to address malware effectively. Late last year, the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) and the London Action Plan (LAP) released a cooperative international report that outlines best-practices in these areas. Titled “Best Practices to Address Online and Mobile Threats,” the report assesses Internet security as it stands today and explains in non-technical language the proactive steps that can help mitigate risks.
Let us know on the message board what you are doing in your organization, as well as the biggest challenges you face.
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
Infographic: Investigating the State of MalwareOrdinarily, we talk about growth as a good thing. If the economy grows, it’s excellent news, for example. On the […]
Hailey Lynne McKeefry
IFSEC Insider | Security and Fire News and Resources
Subscribe
7 Comments
Oldest
NewestMost Voted
Inline Feedbacks
View all comments
shipwreck
April 19, 2013 2:41 pm
As I see it, there are basically two types of malware, but security can only protect against one. Type one, pure malicious attacks against a company, for the purpose of damaging operations. No security system so far can prevent this type of attack, since it usually comes from outside and is not even detectable by the user. Denial of service is an example of this. Type two, an attempt to steal data, can be prevented most of the time, if the company is wiling to take the hit on performance. The data thefts we hear about are usually due to inadequate security.… Read more »
Shipwreck, hackers have to stay a head of security because we are the ones closing the holes. The only saying goes we have to be lucky all of the time they only have to be lucky once. You broke down the types of attacks that a company can face into two different types and I am not disagreeing with your analysis but I have seen where an attempt to break and steal data fails and leads to a denial of service type of attack. I would be careful of how I would label an attack because a denial of service… Read more »
SunitaT
April 20, 2013 7:31 am
Worldwide, 55.2 percent pay for their security solutions, while 41.0 percent use a free antivirus or Internet security solution.
@Hailey, I am curious to know how secure are the Internet security solution tools which are available for free on internet ? Can such free tools give good protection against malwares ?
In type 1, shipwreck, you may not be able to avoid it, but i do think organizations need to be thinking about ways to mitigate. I was running a site that was taken down as collateral damage to a DDoS attack and our IT team ended up retrieving the server from the servcie provider to put it on the corporate network and get outide the reach of the threat. IT was critical that we had a plan–and i know it reduced our downtime substantially.
The other piece of this puzzle, Jonathan and Shipwreck, is that increasingly DDoS attacks are being used as distractions that take IT’s attention off hte ball while the malware maker brings malware in the back door unseen. It’s a really bad one two punch and in the end the malware is the bigger part of the problem.
@Sunita, good question and I wish there was an easy answer. Free antivirus and antimalware products are often quite good. before using these solutions though, organizations need to think about how critical updates are (paid apps are probably updated more often), whether they need reporting or testing tools, etc. No matter what, something is better than nothing.
JonathanL
April 24, 2013 11:03 am
I was looking through the graphic again and had a thought. I wonder what percentage of these threats were the same threat rehashed in a different way. That is to say many exploits start with the same vulnerability but attack it in a different way. I think that would be interesting to see in the future.
As I see it, there are basically two types of malware, but security can only protect against one. Type one, pure malicious attacks against a company, for the purpose of damaging operations. No security system so far can prevent this type of attack, since it usually comes from outside and is not even detectable by the user. Denial of service is an example of this. Type two, an attempt to steal data, can be prevented most of the time, if the company is wiling to take the hit on performance. The data thefts we hear about are usually due to inadequate security.… Read more »
Shipwreck, hackers have to stay a head of security because we are the ones closing the holes. The only saying goes we have to be lucky all of the time they only have to be lucky once. You broke down the types of attacks that a company can face into two different types and I am not disagreeing with your analysis but I have seen where an attempt to break and steal data fails and leads to a denial of service type of attack. I would be careful of how I would label an attack because a denial of service… Read more »
Worldwide, 55.2 percent pay for their security solutions, while 41.0 percent use a free antivirus or Internet security solution.
@Hailey, I am curious to know how secure are the Internet security solution tools which are available for free on internet ? Can such free tools give good protection against malwares ?
In type 1, shipwreck, you may not be able to avoid it, but i do think organizations need to be thinking about ways to mitigate. I was running a site that was taken down as collateral damage to a DDoS attack and our IT team ended up retrieving the server from the servcie provider to put it on the corporate network and get outide the reach of the threat. IT was critical that we had a plan–and i know it reduced our downtime substantially.
The other piece of this puzzle, Jonathan and Shipwreck, is that increasingly DDoS attacks are being used as distractions that take IT’s attention off hte ball while the malware maker brings malware in the back door unseen. It’s a really bad one two punch and in the end the malware is the bigger part of the problem.
@Sunita, good question and I wish there was an easy answer. Free antivirus and antimalware products are often quite good. before using these solutions though, organizations need to think about how critical updates are (paid apps are probably updated more often), whether they need reporting or testing tools, etc. No matter what, something is better than nothing.
I was looking through the graphic again and had a thought. I wonder what percentage of these threats were the same threat rehashed in a different way. That is to say many exploits start with the same vulnerability but attack it in a different way. I think that would be interesting to see in the future.