If it seems like businesses are fighting a losing battle against malware and other security threats, it could be because they are.
A new study conducted by ThreatTrack Security found that security professionals are losing ground in the battle against cybercriminals and other adversaries compared with a similar study conducted two years ago:
The study found organizations still struggle mightily with how to combat cybercrime, despite lessons learned from spectacular cyberattacks on Target, Sony and the U.S. government in the last couple of years. There seems to be a growing sense of realism regarding the difficulties of fighting cybercrime, and it’s clear that analyzing advanced malware still takes too long. For most companies, it takes anywhere from one to 24 hours, despite the availability of tools that enable them to analyze code and malicious behavior in minutes.
According to the study, only 20 percent of respondents to the study said they feel their security defenses have improved since the last study (that’s compared to nearly 40 percent who saw improvement two years ago).
Security budgets are still weak, the study found, and that is hindering response times. At the same time, the bad guys are getting smarter and the security systems currently used aren’t keeping up. Respondents said that their biggest obstacles to better security are the increasing complexity of malware and the sheer volume of malware.
This news comes on the heels of a survey from 451 Research on behalf of Vormetric that revealed nearly everyone in IT (91 percent) is worried that their sensitive data is vulnerable to attack. Garrett Bekker, 451 Research senior analyst and report author, was quoted by eSecurity Planet:
Organizations are also spending ineffectively to prevent data breaches, with spending increases focused on network and endpoint security technologies that offer little help in defending against multistage attacks.
If it feels like your security battles are stalled or harder to conquer, you certainly aren’t alone. It really comes down to security being made a higher priority on budget lines, as ThreatTrack President John Lyons said in a formal statement:
[D]espite access to more tools, security analysts – the most critical resource within an enterprise’s cyber defense – remain ill-equipped, underfunded and understaffed in their daily battle against advanced malware.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba