Malware threat analysis a waste of time?

According to a survey of over 500 EMEA IT professionals by Ponemon Institute, organisations are dealing with nearly 10,000 malware alerts per week, with only 3.5% of all alerts deemed worthy of further investigation.

The report reveals that cyber security teams spend, on average, 272 hours each week responding to false positive threats as a result of erroneous or inaccurate malware alerts. This costs companies an average of £515,964 each in lost time annually.

In a typical week, an organisation can receive nearly 10,000 malware alerts

“The cost of malware containment is not only money, but time wasted chasing after incidents and working out who, what, when, where and why,” Christopher Boyd, a malware intelligence analyst at Malwarebytes, told Help Net Security.

According to Boyd, companies should prioritise strategies for preventing incidents from recurring, rather than sifting through hours of threat intelligence data to find out the “who, what, when, where and why” of breaches.

The most time is spent on cleaning, fixing and investigating malware incidents

Source: Ponemon/Dumbella

Only 37% of respondents to the study said they use automated tools that capture intelligence and evaluate the true threats of malware.

Experts say that the dramatic increase in the volume and severity of malware has made manual threat prioritisation ineffective, expensive and dangerous.

The Ponemon report lists the recent Target, Home Depot, JPMorgan Chase and Sony Pictures Entertainment breaches as examples of how destructive malware can be to an organisation’s reputation and financial stability.

It is essential for security teams to prioritise the most dangerous threats quickly and accurately.

Cyber security risk assessments form the basis of any comprehensive security regime.

Find out how vsRisk™ can help save you time and costs conducting a risk assessment by watching vsRisk tutorial videos here >>

Leave a Reply

Your email address will not be published. Required fields are marked *