Employees download new malware every four seconds, Check Point finds
Unknown malware attacks have increased nine-fold from 2015, driven primarily by employees who accidentally install malicious software onto their company's network – at a rate of every four-seconds, according to a recent Check Point report.
At this rate, 971 unknown malware downloads occur every hour, which is exponentially greater than 2015, when it was 106 downloads per hour. In fact, one in five employees cause network breach through either mobile malware or malicious Wi-Fi.
Further, about 12 million new malware variants were discovered - each month. The report found more new malware discovered in the last two years than in the last 10 years.
Check Point's researchers analyzed over 31,000 Check Point gateways to determine malware trends and threats facing organizations, the impact successful breaches have on organizations and financial effects beyond remediation costs.
Researchers found healthcare records have the highest value on the black market; 10 times more than credit cards or other financial data. And according to the report, 9 percent of healthcare and insurance organizations have experienced a HIPAA data loss.
Additionally, there's been a 60 percent increase in healthcare security incidents in 2015 and a 282 percent leap in security breach costs over the last year. And the report found only 54 percent of healthcare IT professionals have tested the organization's data breach response plan.
"Programs like HIPAA set strict guidelines regarding the intentional or accidental release of personal information, but doing so may open up new vulnerabilities in the process," the report said. "Personal information protection sometimes is prioritized over access control protections."
"While compliance protections for doctors, nurses and administrators with access to data but limited knowledge of cybercrime techniques is certainly important, the focus needs to shift to IoT and access control protections," the report continued.
The most common cause of breaches happens to be the most critical component in cyber defenses: endpoints. The report found attackers leveraged email in 75 percent of attacks and in 39 percent of endpoint attacks, hackers bypassed network gateway firewalls.
Even worse, 85 percent of threats weren't discovered until after the organization was breached. The report explained this is because it only takes a small modification to the malware code for it to become invisible to antivirus software.
To make matters worse, Check Point researchers found that known malware is still being downloaded onto systems, as many organizations aren't keeping up-to-date with critical security patches.
"Innovations like cloud, mobility and IoT are changing the way we deploy, the way we consume, and the way we secure technology," Amnon Bar-Lev, Check Point's president said in a statement. "More and more malware is being put into our ecosystem that traditional security techniques are powerless to prevent."
"Given this, staying a leader requires being one step ahead of things you cannot see, know or control - and preventing attacks before they happen," he added.
Helpful advice on planning your purchase of IDS and IPS tools:
- How to know if your intrusion detection and prevention solution meets HIPAA compliance rules
- 3 key factors to plan your budget for an intrusion protection system
- What to watch: IDS and IPS features to consider when comparing different vendors products