About 49% of enterprise organisations have suffered sophisticated and targeted malware attacks during the past 24 months, according to a new report.
The latest Enterprise Strategy Group (ESG) research study revealed that enterprise IT security professionals are planning to boost their security to protect against rising zero-day and polymorphic threats.
About 62% of survey respondents reported that their endpoint security software was not capable of detecting zero-day and/or polymorphic malware, which makes them vulnerable to attacks.
ESG senior principal analyst, Jon Oltsik, said when it comes to managing malware risk, enterprises would be best served by implementing a layered approach using proactive and reactive lines of defence through their networks.
"Antivirus software plays a key role in protecting organisations, but it should not be the only method used to deter malware attacks," Oltsik said.
"Additionally, sometimes the biggest vulnerability in an organisation is the computer users. Because employee actions can greatly impact computer security, educating employees on potential threats and how to avoid them should be made a priority."
The report lists deficient knowledge about cyber security risks as the major factor responsible for probable malware attacks, and a cause of successful malware attacks.
According to the surveyed IT security professionals, in most cases malware would infiltrate their organisations after an employee clicks on an infected URL posted in an e-mail, in addition to employees opening an affected e-mail attachment and inadvertently clicking an infected URL while browsing.
About 29% cited the rise in social network usage as responsible for attacks, while 66% of US respondents did not believe the Government is doing enough to assist the private sector in addressing cyber security.
57% of respondents revealed that it takes them hours to detect that an asset has been compromised by malware, while 19% of them require days to detect it.
Nearly 74% of businesses have boosted their security budget, with 62% believing their host-based security software cannot detect zero-day and/or polymorphic threats.
85% of IT security professionals were worried about massive cyber-attacks that could affect critical infrastructure, the economy, and/or national security.