This post is also available in: עברית (Hebrew)
According to a survey carried out by Kaspersky Labs and B2B international, 82% of organizations defend against malicious code, and 80% use anti-spam technologies. The survey included more than 5,000 senior IT executives from around the world, and it revealed that these existing tools are not enough to protect against the increasingly sophisticated attack methods employed by the criminal element.
The volume of criminal activity on the net is impressive. Kaspersky experts identify around 200,000 new malicious programs daily, and 72% of all emails are spam. Noam Froimowitz, CEO of Kaspersky Israel, says that it’s not the volume that counts. Over the last year large organizations faced attacked focused on their IT infrastructures. These attacks are extremely advanced, using methods such as social engineering and zero-day exploits.
Taking the above into account, the Kaspersky survey results are not encouraging. Only a third of the organizations included in the survey encrypt organizational data; only 43% use systems that detect attacks on IT infrastructure (IPS/IDS), while 15% are not even aware of the existence of such systems or aren’t interested in using them. Less than half of the organizations are proficient in the use of third party protection applications, and only 55% use NAC technologies. While the survey results seem to indicate a general failure in the sphere of cyber protection, Kaspersky notes a positive trend: Around a fifth of the organizations intend to integrate one or more of the technologies mentioned above over the next year.
The survey revealed the fact that 35% of organizations keep their data accessible from outside and with no encryption. The organizations are particularly vulnerable to cyber espionage, and to unintended leaks caused by the use of mobile devices and various communication methods. According to the survey one in two organizations use file and directory-level encryption (FLE) to reliably protect business files, and full disk encryption (FDE) to hide the contents of entire drives from prying eyes, including temporary files. Decrypting the encrypted data requires a lot of time and a large amount of resources, perhaps forcing hackers to reconsider the feasibility of their operation. The survey reveals another worrying fact: 34% of organizations don’t use full encryption and 17% are not planning to use encryption in the future.
According to Froimowitz, traditional antivirus technologies were not designed to protect against advanced malicious code or focused attacks. The necessary levels of protection can only be achieved by advanced protection technologies, such as Automatic Exploit Prevention encryption or System Watcher. These technologies are used by Kaspersky’s organizational solution, Kaspersky Endpoint Security for Business; the platform offers protection for all IT components, including servers, workstations and mobile installations – even the workers’ cell phones.