A new report from Check Point claims that the average day in an enterprise organization is rife with malware and malicious applications.
A new report, released by security company Check Point on Tuesday, claims that some form of known malware is downloaded every 81 seconds in an enterprise organization. The report also highlights other alarming cybercrime behavior that occurs in businesses every day.
Data was collected from more that 1,100 security "checkups" that were performed by Check Point for companies around the world. According to the report, that data was combined with additional internal and external research to reach the conclusions found by the report.
While the 81 seconds statistic may seem worrisome, there were a few other highlights presented. For example, the report found that every five seconds, a user in an organization accesses a malicious website. Additionally, a high-risk application is used every four minutes and, every 32 minutes, someone sends sensitive or private data outside of the organization.
SEE: Quick glossary: Malware (Tech Pro Research)
Continuing on the malware trend, unknown malware is downloaded every four seconds. The report also found that, every 30 seconds, a "threat emulation event" occurs, and bots are communicating with their control center every 53 seconds. Clearly, there are a lot of security concerns to touch on here.
Of the companies whose data was analyzed in the report, the following represents the portion of each that experienced a major threat:
- Existing bot infections - 75%
- Accessed a malicious site - 82%
- Suffered data loss - 88%
- Downloaded a malicious file - 89%
- Used a high-risk application - 94%
Most of the breaches that were examined for this report happened because of existing vulnerabilities in an enterprise, known malware and social engineering. More users are trying to access malicious sites, the report said, but IT is getting better at stopping them.
Another area of security the report took a look at was mobile.
"Organizations now realize they cannot easily stop employees from connecting their personal devices to corporate resources, because they have discovered that 'bring your own device' (BYOD) greatly increases productivity," the report stated. "Unfortunately, the mobile platform is an attractive target for attackers as most organizations have not put in place controls to effectively protect them."
Of the attack vectors present in mobile, infected apps, network attacks, and OS exploits were the three biggest, the report said. Of course, once access is gained, an attacker will look for information like login credentials, and will exploit other technology like your phone's camera. Check Point recommends that enterprises educate their workforce, better understand risk associated with mobile, enforce security hygiene for all employees, and separate data relative to work and play.
The report also looked at additional attack patterns, noting a rise in ransomware. Code execution was the most popular attack vector for the 2015, which was the year Check Point examined for the study. The top recommendation from the report was for organizations to consider a unified architecture to improve security.
The 3 big takeaways for TechRepublic readers
- A new report from Check Point found that known malware is downloaded every 81 seconds, and unknown malware is downloaded every four seconds in an organization.
- Mobile security continues to rise as a crucial consideration for enterprise security, and businesses must better educate employees about the threats that exist.
- Ransomware is also on the rise, as there are more potential victims and the attacks are more simple to pull off than they were in the past.
- How quantum computing could unpick encryption to reveal decades of online secrets (TechRepublic)
- 20 top US hotels hit by fresh malware attacks (ZDNet)
- How to avoid ransomware attacks: 10 tips (TechRepublic)
- FBI says its malware isn't malware because 'we're the good guys' (ZDNet)
- How to remove pesky malware from your PC with Windows Defender Offline (TechRepublic)