57% of U.S. enterprise malware investigations involve data breaches that are never disclosed, with many executives surfing to infected porn sites.

The boss may know better — the dreaded do as I say, not as I do — but 40% of malware infections on corporate senior executives’ PCs came from visiting infected porn sites. According to a blind survey of 200 security professionals, more than half, or 57%, have investigated data breaches that were kept a secret from customers, partners or stakeholders.

As if IT pros don’t have enough to do, it’s often the boss who is causing the problems. The survey [pdf], commissioned by ThreatTrack, found that bosses, or senior leadership, end up with malware on their PC or mobile device in the following ways:

- 56% clicked on a malicious link in a phishing email.
- 47% attached an infected device to a corporate PC.
- 45% let a family member use a company computer.
- 40% surfed to a malware-infected porn site.
- 33% installed a malicious app.

Who hides the truth about data breaches?

Smaller companies with less than 50 employees are the least likely to hide a data breach, but still 18% from smaller corporations are not disclosed. Two-thirds, or 66%, of U.S. corporations with more than 500 employees do not report data breaches. The survey of IT professionals found that utility and manufacturing companies are the most likely industries to hide that they’ve been hacked. Breaches go unreported in:

- 79% of manufacturing and utility companies
- 57% of IT and Telecom industries
- 56% of healthcare

Biggest hindrances to combating cyberattacks

Although 40% of corporate IT professionals who worked on a data breach reported they do not have enough highly-skilled personnel on staff to combat cyberattacks, 58% blame ineffective anti-malware solutions. Thirty-five percent of IT pros responded that the lack of automated malware analysis tools is a “pain point” when it comes to defending against sophisticated threats.
Time it takes to analyze new malware

Only 4% of security professionals can analyze a new malware sample in less than an hour. Forty-five percent said it takes between one and two hours; 39% said the analysis requires two to five hours; 14% reported it takes between five and eight hours to analyze.

IT security budgets and data breaches

The size of IT security budgets also plays a part in data breaches that go unreported. Seventy-six percent of U.S. enterprises that spend between $500,000 and $10 million on IT security do not disclose data breaches to customers, while 37.5% of corporations with an IT security budget of over $10 million do not report data breaches. Another 30% of companies that spend less than $500,000 on IT security do not disclose breaches.

“Not only are unreported compromises doing a disservice to customers, they may even be inhibiting proper attention that needs to be placed on the cybersecurity industry in general,” concluded ThreatTrack [pdf]. Furthermore, security pros “face enough challenges trying to protect their companies’ networks from external threats. They certainly don’t need internal forces hindering those efforts. Yet that seems to be what’s happening, with senior executives who let family members use corporate PCs and can’t keep away from pornographic websites.”