More than two-thirds of executives are concerned their companies will not be able to stop such threats, and one in five say their biggest concern is not knowing whether an attack is underway, according to ThreatTrack Security.
However, these fears seem to have done little to encourage executives to protect their networks by adopting best practices in cyber-defense technologies and specialized personnel. Of those surveyed, 42% report not having an Incident Response Team in place, and nearly half (47%) report that they are not making use of advanced malware analysis tools.
The independent blind survey of 200 C-level executives at enterprises was conducted by Opinion Matters on behalf of ThreatTrack Security in June 2013. The results highlight the opinions of CSO, CIO, CEO and CTO executives related to the cyber security practices of their companies.
At a time when APTs, targeted attacks, zero-day threats and other sophisticated malware have become profitable businesses for malware writers and cybercriminals, many large enterprises are still struggling with how to protect themselves.
It is especially telling that, according to the study, 97% of enterprises with annual security budgets over £650,000 ($1 million) still report concerns that they are vulnerable to malware attacks and cyber-espionage tactics.
“Enterprises are facing an unprecedented surge of highly targeted and sophisticated threats that are designed to evade traditional malware detection technologies,” said Julian Waits, CEO at ThreatTrack Security. “The only way to battle these threats effectively is with a combination of highly skilled cyber security professionals armed with the strongest malware analysis tools available. Companies that don’t employ the right mix of people, process and technology are making themselves excellent targets for the cyber bad guys.”
Key findings from the survey include:
- 69% of executives are concerned that their organizations may be vulnerable to targeted malware attacks, APTs and other sophisticated cybercrime and cyber-espionage tactics.
- More than one in five enterprises (21%) say their biggest concern is not knowing whether an attack is taking place.
- 47% say their cyber defense does not include an advanced malware analysis tool, such as a malware analysis sandbox; 42% do not have a dedicated Incident Response Team employed.
- One third of the enterprises surveyed say they are aware of a targeted malware attack against their company, including 50% of financial services firms and 53% of manufacturing companies.
- 82% of financial services firms are concerned about APTs and sophisticated attacks, but only half of them employ an advanced malware analysis tool like a sandbox.
- 36% of enterprises say they are more concerned about losing proprietary intellectual property and trade secrets in a breach than they are about losing their customers’ personally identifiable information (such as credit card data, social security numbers or medical records).