Analysis of networks has revealed that around half have a malware infection, and in half of that sample the malware is regularly communicating with a command and control centre.
Speaking to SC Magazine, Stuart Okin, director of US and EMEA at Cipher, said that in the consultancy work his company had done, he found that of a sample of 20 businesses he visited, around eight per cent would have malware on their endpoints. Of that number, one to two per cent would have ‘active’ malware.
Okin said: “What I find interesting is that security departments are not ready for the truth about this. When we tell them what the problem is, there is no way of understanding what we are talking about or dealing with reports. Also, they have bought the best of breed technology and once they find problems, they don't know how to deal with it.
“Once we tell them to lock endpoints down, they do not act on it as they do not have the people to do it.” He confirmed that none of them had appeared to have lost data, although some had experienced disruption to services, despite all of them having up-to-date traditional security controls.
Okin said that one financial services company told him it wished it had never been told about these problems, but that it would fix them and, over the next 12 months, live with the risk of being re-infected and losing data.
“A good chunk [of clients] fall into this category where they know and accept risk,” he said.
Okin said that another client in the hospitality sector said that when they were presented with the data, they asked Cipher how to get budget to deal with the problem.
Asked whether the size of security teams scaled with the sector or the size of the company, Okin said that in the City he would find that a company of 1,000 people would have only one security person. “This is virtually no security department,” he said.
“All clients had signature-based technology and the C-suite, including the CIO, have no idea that it is not good enough. They have no clue about the firewall; the intrusion prevention system and anti-virus are almost useless, as they are clueless about it.
“You do not need to sell on FUD; you need to know about risk and show that eight per cent are infected and it is talking to the command and control centre. No matter what vendor technology you use, there are 250,000 variants out there; it has got to change, it is not about evolution but revolution now.”
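The pattern Okin describes, an infected endpoint “talking to the command and control centre” on a schedule that signature-based tools never see, is something a network team can look for in its own proxy or firewall logs. The following is an added example, not code from the article, from Cipher or from Damballa: it groups outbound connections by client and destination and scores each pair by how regular the gaps between connections are, so a beacon stands out by its timing rather than by a signature that a repacked variant would evade. The log format, hostnames and addresses are constructed for illustration, and the thresholds (at least six connections, coefficient of variation at or below 0.15) are assumptions to tune against real traffic.

```python
"""Periodicity-based beacon detection over proxy logs (added example).

An implant that phones home on a timer produces connection gaps that are
nearly constant; human browsing and bursty application traffic do not.
The coefficient of variation (stdev / mean) of the inter-connection gaps
captures that difference without knowing anything about the malware.
"""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed sample log, one connection per line:
# "<ISO timestamp> <client IP> <destination host>"  (hypothetical format)
SAMPLE_LOG = """\
2013-03-04T09:00:00 10.1.2.30 update.example-cdn.net
2013-03-04T09:00:05 10.1.2.31 news.example.org
2013-03-04T09:00:07 10.1.2.31 news.example.org
2013-03-04T09:00:40 10.1.2.31 news.example.org
2013-03-04T09:00:58 10.1.2.30 update.example-cdn.net
2013-03-04T09:01:10 10.1.2.30 mail.example.com
2013-03-04T09:02:01 10.1.2.30 update.example-cdn.net
2013-03-04T09:03:00 10.1.2.30 update.example-cdn.net
2013-03-04T09:03:12 10.1.2.31 news.example.org
2013-03-04T09:03:13 10.1.2.31 news.example.org
2013-03-04T09:03:57 10.1.2.30 update.example-cdn.net
2013-03-04T09:05:02 10.1.2.30 update.example-cdn.net
2013-03-04T09:06:00 10.1.2.30 update.example-cdn.net
2013-03-04T09:07:01 10.1.2.30 update.example-cdn.net
2013-03-04T09:09:50 10.1.2.31 news.example.org
2013-03-04T09:10:02 10.1.2.31 news.example.org
2013-03-04T09:15:30 10.1.2.30 mail.example.com
2013-03-04T09:18:30 10.1.2.31 news.example.org
"""


def parse_log(text):
    """Yield (timestamp, client, host) tuples from the constructed log format."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, client, host = line.split()
        yield datetime.fromisoformat(ts), client, host


def beacon_scores(text, min_connections=6):
    """Return {(client, host): (count, mean_gap_seconds, cv)} for pairs with
    at least min_connections connections.

    cv is stdev / mean of the gaps between successive connections: close to
    0 means metronomic, around 1 or above means irregular, human-like traffic.
    Pairs with too few connections are skipped because a handful of gaps
    cannot establish a rhythm.
    """
    seen = defaultdict(list)
    for ts, client, host in parse_log(text):
        seen[(client, host)].append(ts)

    scores = {}
    for pair, times in seen.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.fmean(gaps)
        # Identical timestamps would give a zero mean; treat as not periodic.
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        scores[pair] = (len(times), mean, cv)
    return scores


def detect_beacons(text, min_connections=6, max_cv=0.15):
    """Return the sorted (client, host) pairs whose timing looks like a beacon."""
    scores = beacon_scores(text, min_connections)
    return sorted(pair for pair, (_, _, cv) in scores.items() if cv <= max_cv)


if __name__ == "__main__":
    for pair, (count, mean, cv) in sorted(beacon_scores(SAMPLE_LOG).items()):
        print(f"{pair[0]} -> {pair[1]}: {count} conns, mean gap {mean:.1f}s, cv {cv:.3f}")
    print("suspected beacons:", detect_beacons(SAMPLE_LOG))
```

On the constructed log, the client polling update.example-cdn.net every minute with a few seconds of jitter is flagged, the browsing session to news.example.org is not, and the two mail connections are skipped for lack of data. Treat a hit as a lead rather than a verdict: legitimate pollers (update checkers, monitoring agents, NTP) also beacon, so the next step is to correlate the destination with reputation and ownership data, and an implant that deliberately randomises its sleep interval will need a wider jitter tolerance or a different feature such as constant request size.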
Adrian Culley, EMEA technical consultant at Damballa, said that the problem is that there is always more data tomorrow, and the larger the system, the greater the challenge of finding vulnerabilities. “There is always more data; users need automated responses to help them,” he said.