An exponential rise in malware means employees are at their highest-ever risk of accidentally installing malicious software onto an enterprise network — an event that happens every four seconds within the average company, a new report has warned.
Security researchers at Check Point analyzed information on over 30,000 security incidents discovered by the company’s ThreatCloud prevention software at more than 1,000 companies across the globe.
They found that employees in industry, finance, government, and other sectors are very much taking a cavalier attitude to cybersecurity and downloading potentially harmful files to their company’s networks.
It’s unknown malware — malicious software which isn’t yet recognized by security systems — which is most likely to be downloaded by employees and according to Check Point, it happened every four seconds on average across the organizations analyzed in the report. There were 971 unknown malware downloads per hour, representing nine times more downloads than the previous year, when the figure was 106 downloads per hour, the company said.
In many cases, it only takes a small modification to a malware’s code for it to become invisible to antivirus software programmers, allowing it to bypass defenses and make its way onto corporate network where it could be used to conduct cyber espionage, steal data, or lockdown systems with ransomware.
If that wasn’t bad enough, researchers found that known malware — malicious software with a recognizable signature — is also being downloaded onto enterprise networks. If it’s known, then why isn’t it blocked? Because many organizations aren’t staying up to date with critical security patch management, thus enabling malicious actors to gain entry to their networks in circumstances that wouldn’t otherwise be possible if patching was properly done.
The rise of mobile devices is a significant factor in the increase in malware attacks. Each smartphone or tablet connected to the company Wi-Fi is yet another attack vector that malicious actors can potentially use in order to gain access to the network — and the enterprise is lagging behind when it comes to securing this space.
But while employees want to use their smartphones to access email and other services, the report points out “no one likes the idea of unilateral restrictions, nor the thought that they are being watched” — meaning that security is often a secondary consideration.
Nonetheless, organizations must take responsibility for protecting data because the report suggests that one in five employees will accidentally cause a data breach either through downloading malware or using malicious Wi-Fi hotspots designed with purpose of carrying out man-in-the-middle attacks to steal data.
But with such a wide variety of threats, there’s no one size fits all approach to securing the enterprise against malware and other cyberattacks.
“While no one technology or technique can hope to provide complete protection from all threat vectors, a well-designed approach combining multiple methods of protection and detection can minimize successful attacks. With additional protections at the post infection stage, organizations can limit damage and lateral movement,” the report says.