Malicious websites visited every five seconds by enterprise workers, report

The 2016 Security Report highlights the difficulties security pros at enterprise organisations encounter as they attempt to strengthen vulnerable systems.

A user at an enterprise organisation accesses a malicious website every five seconds, according to research published by Check Point Software Technologies.

The 2016 Security Report highlights the difficulties security pros at enterprise organisations encounter as they attempt to strengthen vulnerable systems. The researchers used data from 1,100 ‘security checkups,’ which were connected to 31,000 different security gateways, Check Point vice president of product management Gabi Reish told SCMagazine.com.

Malware was downloaded every 81 seconds by the average enterprise organisation in 2015, compared to every six minutes in 2014.

The report set off a debate among security researchers over the classification of known and unknown malware. Core Security threat researcher Nick Buchholz noted that new variants of malware are created rapidly, but wrote in an email to SC that these “are largely variants of existing malware” that employ minor code, command and control server, or crypting changes.

Other security pros have noted a similar pattern. Jeff Harris, vice president of security solutions at Ixia, told SC that while the number of unknown malware was growing “exponentially for many years, it is still growing, but now incrementally” because malware developers are using old malware with minor updates.

“I would consider that known malware, although some would call it unknown,” Ixia CMO Marie Hattar told SC, referring to the slight variants to familiar strains of malware.

The complex risks have prompted a growing number of enterprise organisations to employ multiple layers of security technologies that function in alignment and provide a consolidated view, Reish told SC. “They are in a better position to mitigate these threats and respond faster,” he said.

Enterprises are lately scrambling to secure flawed systems after vulnerabilities affecting firewalls were leaked by the Shadow Brokers group last month.

High-risk applications such as VPNs, BitTorrent, and Anonymisers are used every four minutes by the average enterprise organisation, Reish told SC, and the study found that 50 percent of enterprises do not restrict access to these high-risk applications.

The report underscored the need for information security training, noting that sensitive data is sent outside of the organisation every 32 minutes at the average enterprise organisation.

Other security pros noted the ongoing success of malicious e-mail. Spam e-mail is “a prime vector for attackers because it takes little effort to craft a payload that can bypass spam filters” and entice victims, Buchholz said.

Invincea CEO Anup Ghosh said spear-phishing attacks continue to be a successful attack vector for malware distribution. Spear-phishing “always works,” he told SC. “That's why they keep using it.”