The cost of a data breach or malware infection extends well beyond the dollars spent on responding and addressing security issues — productivity takes a big hit as enterprises and consumers spend countless hours dealing with the threats, according to a study from IDC in March, 2014. That is to say nothing about the financial losses associated with the damage of the breached organization’s reputation.
While researchers predicted that enterprises around the globe will spend around $500 billion in 2014 on making fixes and recovering from data breaches and malware, consumers worldwide will likely spend $25 billion as a result of those security threats.
While organizations believe that criminals will account for the lion’s share (two-thirds, or $315 billion) of potential losses in the coming year, employees are accountable for installing as much as 20 percent of the malware that gives hackers access to the internal network.
Of greater alarm, only 71 percent of CIOs and IT managers said their organizations had programs to audit software on end-user computers (i.e., end-points). In addition, 39 percent conducted such audits were being performed less than once a year, meaning that more than half of those end-points ever get audited effectively.
BAI Security, Inc., a Chicago-based IT Security Auditing and Compliance firm recently ranked as 1 of the Top 20 Enterprise Security Firms for 2014 by CIOReview, recently stated the increasing number of breaches is very likely just be the beginning. The firm sees audit failure rates (the ratio of audits that yield a failing grade) as high as 70% in key industries, such as Healthcare, Banking & Finance, and Retail.
So, if only 71% of organizations audit their computer end-points, as found by the IDC study, and if as many as 70% of those fail those audits, that leaves an alarmingly high volume of computer end-points that go untested and if tested are found vulnerable to being compromised.
BAI Security also points out that while traditional audits incorporate “vulnerability testing” as the primary method of identifying security weaknesses on computer end-points, that process rarely detects idle or even active malware on those end-points. Case in point, dozens of high-profile breaches in recent headlines have involved malicious malware being present in the network for weeks, months, or even years without knowledge of the IT Staff.
“To be truly effective at detecting malware on end-points you need to perform a specialized type of audit, which involves a forensic analysis of a computer end-point.”, as stated by BAI Security’s President and CTO, Michael Bruck, in an interview with CIOReview. “For this reason, we recently rolled out a new audit, our Compromise Assessment, which actually incorporates forensic analysis on an enterprise scale to root out previously undetected malware company-wide.”