Companies found malware faster, but most of them needed the help, Trustwave says

Companies have shortened the amount of time between malware infection and discovery, but too few organizations detect the breach on their own, a security report found.

The median time between intrusion and detection was 87 days, while the median from detection to containment was seven days, Trustwave found in its 2014 report released Wednesday. The findings were based on 691 data breach investigations conducted over the last year.

Until the latest report, data-protection vendor Trustwave had used average times between infection, detection and containment. On that basis, the time between intrusion and detection was 134 days, a reduction of two-and-a-half months from 2013.

Nevertheless, self-detection of malware remained low at 29 percent, the study found. The majority of organizations were notified of a possible infection by third parties, such as a regulatory body, bank, credit-card company, law enforcement, customer or partner.

“That’s just a horrible statistic in general,” Karl Sigler, manager of threat intelligence for Trustwave, said.

Once aware of the breach, companies worked quickly to contain it, as the seven-day median shows, Sigler said. Two-thirds of the organizations in the study contained the malware in less than 10 days.

“That’s a phenomenal statistic compared to in the past,” Sigler said. “Sometimes breaches would take months to actually contain.”

Companies’ failure to detect breaches on their own is typically due to poor configuration of intrusion detection systems, Sigler said. Organizations also fail to make good use of logs from security systems, servers and other network components to detect anomalies that could indicate an infection.

A lot of companies have the products, but lack the expertise for monitoring network traffic and logs.

“A lot of companies still seem to be under the impression that they can purchase a product and they’re secure in some fashion,” Sigler said.
“Obviously, no product is magic and no product is going to be a silver bullet.”

Security appliance vendor Check Point Software Technologies released a report this month that drew similar conclusions. The vendor found that 84 percent of the organizations studied have systems infected with malware and nearly three quarters had at least one bot on their network.

While it’s true that some malware does not present a threat, detection is the only way to make that determination, experts say.

Trustwave found an increase in the number of companies using third parties to manage security and perform code auditing and penetration testing, Sigler said. The study found that the number of breached organizations with outsourced IT functions fell to 46 percent, a decrease of 17 percent from 2012.

More than half of data-theft incidents involved payment card data, either from e-commerce sites or electronic cash registers, Trustwave found. However, the number of cases that resulted in the loss of sensitive information, such as financial credentials, internal communications and other personally identifiable information, rose 33 percent.

“If this data set speaks to broader trends, it appears that attackers are more aggressively setting their sights on other types of confidential data, and businesses that don’t process payment cards should prepare to take action,” the report said.