ThreatTrack Security has published a new study on the challenges faced by malware analysts

Nov 7, 2013 20:31 GMT  ·  By

We see a lot of data breaches occurring each week. However, judging by the results of a new ThreatTrack Security study, their real number could be much higher.

The IT security firm has found that almost 6 out of 10 of the US-based malware analysts they’ve interviewed have investigated or addressed an incident that their company has never disclosed.

The figures show that organizations with more than 500 employees are more likely to have suffered a data breach that they haven’t made public.

40% of the 200 professionals who took part in the survey reported that the lack of enough skilled IT security workers is the main problem when it comes to protecting their organization against cyberattacks.

Interestingly, many malware infections are caused by executives who either visit adult websites, click on malicious links in phishing emails, install shady mobile apps, or allow a family member to use company devices.

In 35% of cases, security professionals lack access to an automated malware analysis system. That’s why it takes over half of them more than two hours to analyze a new malware sample. Only 4% of the respondents said they were capable of carrying out the task in less than one hour.

“While it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring. Every day, malware becomes more sophisticated, and US enterprises are constantly targeted for cyber espionage campaigns from overseas competitors and foreign governments,” said ThreatTrack CEO Julian Waits, Sr.

“This study reveals that malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyber-attacks, they also point out deficiencies in resources and tools.”

The complete report, conducted by Opinion Matters on behalf of ThreatTrack Security, can be found on the IT security firm’s website.