A computer security company has written a report concluding that 82 percent of U.S. companies have experienced at least one online attack in the last year and 46 percent have experienced three or more attacks.
The report, commissioned by Malwarebytes and carried out by Lawless Research, spoke to 685 different IT “decision-makers”—primarily IT directors, managers, and CEOS—about Web security for their organizations. The respondents were from U.S. companies across a wide variety of fields, from agriculture to retail.
According to the report, 72 percent of the respondents said that the “number of exploitable browser vulnerabilities” was the most pressing security issue for their company, exceeding concerns about mobile security.
“Endpoints” are modes of access to the corporate network of a company and can include computers, mobile devices, tablets and even point-of-sale terminals.
Those surveyed said that the impact of such attacks was primarily a severe drain on company IT resources, with employees busy fixing malware problems rather than other projects; less than 10 percent of respondents said the issue was customer data being lost or stolen.
The report also notes an increase in the rise of ransomware, a specific kind of malware that restricts or otherwise negatively impacts a computer until a ransom is paid to the malware’s creator. Although only 15 percent of the people surveyed reported a ransomware attack of their company, respondents rated it as the highest severity threat for their company.
A McAfee Labs threats report from June noted that after experiencing an enormous rise ransomware in the second quarter of 2013, McAfee data has indicated a downward trend for the malware since then. This, however, could actually signal an increase in ransomware in the near future.
“The number of new ransomware samples has dropped for three straight quarters,” the McAfee report said. “McAfee Labs has confirmed that the trend is not the result of an anomaly. We have several theories for why this is happening, but we haven’t pinpointed an exact cause. It’s also possible we’re seeing a trough before another increase. That has happened with many other types of malware.”
While the amount of new ransomware detected by McAfee has been dropping, the total amount of ransomware has risen every quarter.
Malwarebytes itself has not been immune to security breaches. According to the company, its primary website was not compromised, but the server hosting its forums was. CEO Marcin Kleczynski blamed Invision, the company hosting Malwarebytes servers.
“Invision is known for having vulnerabilities and gets exploited all the time,” Kleczynski wrote on the forums. “Unfortunately, we fell victim to that.”
In a statement provided by Malwarebytes, a spokesperson said “there was no evidence of any risk to personal information, our website or business data” and the firm suggested that its forum users reset their passwords as a precautionary measure.
Photo by Saxon Moseley.