joltsik
Contributing Writer

Enterprise Organizations Describe Weaknesses in Malware Detection and Protection

Analysis
Jan 15, 2014 · 3 mins
Advanced Persistent Threats, Cisco Systems, Cybercrime

Security teams point to problems with skills, malware knowledge, and forensics

Well here we are halfway through January and you can’t cross the street without hearing about a malware attack or security breach somewhere – Neiman Marcus, Target, Yahoo, Yikes!

When my non-technical friends ask me what they should expect moving forward, I’m not exactly a beacon of hope. My usual response is something like, “get used to it, things will likely get worse.” To be clear, I’m not just a cynic (though it’s hard to focus on privacy and security and remain an optimist); ESG data continually indicates that many enterprise organizations are understaffed and lack the right security skills for the current threat landscape. As a result, some security professionals have become the digital equivalent of Sisyphus – forever pushing the cybersecurity rock uphill without any progress.

Allow me to offer up some recent ESG research as an example. Security professionals working at enterprise organizations (i.e. more than 1,000 employees) were asked to rate their organizations’ security processes for malware detection/prevention. The research revealed that:

• 27% of security professionals rate their organization as “fair” or “poor” in their ability to remediate systems without having to re-image them.
• 25% of security professionals rate their organization as “fair” or “poor” in their ability to discover the root cause of a security incident.
• 23% of security professionals rate their organization as “fair” or “poor” with regard to their security team’s knowledge of malware variants and techniques.

ESG further analyzed this data by segmenting the entire survey population into three buckets: advanced organizations (i.e. those with relatively strong security skills and processes), progressing organizations (i.e. those with average security skills and processes), and basic organizations (i.e. those with below average security skills and processes). This analysis shows just how bad things can be.
For example:

• 5% of security professionals working at advanced organizations rate themselves as “fair” or “poor” in their ability to remediate systems without having to re-image them. By comparison, 22% of progressing and 61% of basic organizations rate themselves as “fair” or “poor” in their ability to remediate systems without having to re-image them.
• 5% of security professionals working at advanced organizations rate themselves as “fair” or “poor” in their ability to discover the root cause of a security incident. By comparison, 22% of progressing and 52% of basic organizations rate themselves as “fair” or “poor” in their ability to discover the root cause of a security incident.
• 13% of security professionals working at advanced organizations rate themselves as “fair” or “poor” with regard to their security team’s knowledge of malware variants and techniques. By comparison, 17% of progressing and 41% of basic organizations rate themselves as “fair” or “poor” in their security team’s knowledge of malware variants and techniques.

I should add that the scary thing here is that advanced organizations only account for 24% of the overall enterprise population. In other words, 76% of enterprises (and likely a greater percentage of SMB organizations) are really struggling in a number of critical areas of cybersecurity.

This explains why Wall Street is absolutely gaga over Barracuda, FireEye, Palo Alto, and Splunk, why the President issued an executive order (leading to the soon-to-be-published NIST cybersecurity framework), and why security service providers like CSC, Leidos, IBM, Mandiant, and Unisys are so busy. Unfortunately, it also illustrates why there are so many data breaches as well as my lugubrious perspective on cybersecurity past and future.

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
