Employing multiple security layers is now absolutely critical for all businesses – and here is why
Enterprises earn failing grades for their cyber security efforts, and small businesses should take watch
Some disturbing information coming from our friendly neighborhood anti-malware stalwarts Malwarebytes. It seems based on findings from a recent survey from the Enterprise Strategy Group (ESG) reveal that enterprise-class organizations (i.e. 1000+ employees) are still much too exposed to targeted attacks on their systems.
While there have been improvements to the general security level of most large organizations, the research has shown that businesses need to prioritize the addition of new layers to their endpoint security. The major reason for this is because currently employed protections are not enough to prevent advanced attacks such as highly sophisticated malware, zero-days, social engineering, and polymorphic threats.
In the past 24 months there has been a surge of these highly sophisticated attacks occurring globally, and even the most security-conscious organizations can fall victim to them. For example Apple is traditionally considered to be highly secure – yet the recent Apple Dev Center attack succeeded because of a phishing campaign, and even more recently Mac OS X devices have been targeted by a new FBI Ransomware.
Some other highlights of this study include:
- 49 percent of organizations reported a successful malware attack in the last 24 months.
- 29 percent of organizations believe that the increasing use of social networks was responsible for those attacks mentioned above.
- 67 percent of respondents claim that the malware landscape in 2013 is worse, or much worse that in 2011.
- 74 percent of enterprises have increased their security budget over the past 24 months in direct response to more sophisticated malware threats.
- 62 percent of respondents believe that their host-based security software is not effective for detecting zero day and / or polymorphic threats.
- 85 percent of IT security professionals (given everything they know about cyber security) are concerned about some type of massive cyber-attack that could impact critical infrastructure, the economy, and / or US national security
- 66 percent of US-based respondents do not believe the US Federal Government is doing enough to help the private sector cope with the current cyber security and threat landscape.
Also check out this infographic from the ESG:
This particular advice is something that we have been saying to clients for years, so it is particularly gratifying to see some research supporting our claims.
To quote Marcin Kleczynski, CEO of Malwarebytes “As cyber-attacks become more sophisticated, IT security professionals are realizing that relying on only one layer of endpoint security isn’t enough. Each endpoint needs multiple layers of malware detection to ensure complete protection. The reality is, most anti-virus products will miss nine out of ten zero-day malware threats, and having a layered approach blocks advanced threats that traditional antivirus scanners may fail to detect.”
If you are a business owner (of any size, not just enterprises) – you simply need to start using multiple security layers in order to (better) ensure that your systems remain secure. For example there is a great deal of difference between a virus-based attack, malware-based attack, zero-day attacks, phishing attack etc. – and one security layer simply cannot account for / protect against all of these threat vectors.
Examples of adding multiple security layers that (even small) businesses can utilize: