Up to half of US organizations have experienced malware attacks which have had a severe impact on their business operations, according to new research by IDG Connect.
Forty six percent of respondents to a survey of over 200 IT decision makers reported that they had been significantly affected by some form of malware in the past – including ransomware, worms, and adware.
This was despite 88 percent of the companies polled spending over $100,000 a year on data security, with 39 percent spending over $500,000 annually, suggesting that the security hardware and software defences they have invested in often fail to prevent malware from executing on their systems.
Few of the organizations surveyed rely on a single data security product as a foundation for their cyber defences. Most supplement endpoint security solutions – typically those from Microsoft (57%), McAfee (51%) and Symantec (46%) – with additional network appliances (82%), email appliances (56%) and DDoS protection solutions (55%).
Data security incidents inevitably prompt IT decision makers to re-evaluate their existing defences. The research indicates that 91 percent of US organizations would consider implementing a white list security solution, even one that blocks the occasional good file or results in a false positive, as long as that solution could be proved to deliver superior protection against rogue files containing malware.
US companies show strong preferences on who they trust for recommendations on data security products. Two thirds (66%) consult service providers – typically systems integrators, resellers and distributors – and colleagues. And just over half seek advice from their external peers and specialist security solution test houses, most notably Virus Bulletin and AV Test.
“Ransomware, DDoS and advanced persistent threats like phishing and zero day attacks are all increasing in volume and intensity,” said Bob Johnson, IDG Connect principal analyst. “US companies need to evaluate their current data security infrastructure to determine how and where the risk of their business being disrupted by these attacks can best be minimized.”