Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, July 25, 2013

Sophisticated Malware Is Stumping Security Pros

The ferocious nature of modern malware is wreaking havoc on some organizations, forcing security professionals to reassess current security policies and consider spending on modernizing defenses to detect attacks, according to a new survey. It found that 74 percent of respondents have increased their security budgets over the past two years in direct response to more sophisticated malware threats. Businesses need to assess their current defenses to avoid making impulsive spending decisions, said Jon Oltsik, senior principal analyst at Enterprise Strategy Group, in his “Malware and the State of Enterprise Security” report.


“Many organizations lack the right staff size or skills necessary to address malware threats, but given their current workload and the information security skills shortage, it is unlikely they can fill this void quickly,” Oltsik said in his report.

Sixty-two percent of those surveyed believe their host-based security software is not effective for detecting zero-day attacks and other malware designed to bypass the software and remain stealthy on systems.

Security professionals should become intimately familiar with these phases so they can implement appropriate security controls for each phase and recognize anomalous behavior that may be associated with one or many phases of an attack.”

In addition, the survey found that 42 percent of organizations are testing or implementing security technologies that use sandboxing technology, virtual environments where files are quickly analyzed before being passed on to the end user.

About 39 percent of those surveyed said a group of security analysts dedicated to malware intelligence and analysis was created at their organization.

“While security professionals understand the basic concepts about malware, the [Enterprise Strategy Group] research indicates that a large number are unfamiliar with advanced malware properties.



Posted on 07/25