SOURCE: ThreatTrack Security Inc.

ThreatTrack Security Inc.

November 06, 2013 09:00 ET

Majority of Malware Analysts Aware of Data Breaches Not Disclosed by Their Employers

ThreatTrack Security Survey Finds 57% of Enterprise Malware Analysts Have Investigated or Addressed a Data Breach That Was Never Disclosed

CLEARWATER, FL--(Marketwired - November 06, 2013) - ThreatTrack Security today published a study that reveals mounting cybersecurity challenges within U.S. enterprises. Nearly 6 in 10 malware analysts reported they have investigated or addressed a data breach that was never disclosed by their company.

These results suggest that the data breach epidemic -- totaling 621 confirmed data breaches in 2012, according to Verizon's 2013 Data Breach Investigations Report -- may be significantly underreported, leaving enterprises' customers and data-sharing partners unaware of a wide array of potential security risks associated with the loss of personal or proprietary information. Moreover, the largest companies, those with more than 500 employees, are even more likely to have had an unreported breach, with 66% of malware analysts with enterprises of that size reporting undisclosed data breaches.

The independent blind survey of 200 security professionals dealing with malware analysis within U.S. enterprises was conducted by Opinion Matters on behalf of ThreatTrack Security in October 2013. In addition to the alarmingly high number of undisclosed data breaches reported, the study highlights several other challenges enterprise cybersecurity professionals face.

"While it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring," said ThreatTrack CEO Julian Waits, Sr. "Every day, malware becomes more sophisticated, and U.S. enterprises are constantly targeted for cyber espionage campaigns from overseas competitors and foreign governments. This study reveals that malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyber-attacks, they also point out deficiencies in resources and tools."

Outmanned, Outgunned and Out of Time

40% of respondents reported that one of the most difficult aspects of defending their organization's network was the fact that they don't have enough highly-skilled security personnel on staff. To exasperate matters, their time is often spent tackling easily avoidable malware infections originating at the highest levels of their organization. At the following rates, malware analysts revealed a device used by a member of their senior leadership team had become infected with malware due to executives:

  • Visiting a pornographic website (40%)
  • Clicking on a malicious link in a phishing email (56%)
  • Allowing a family member to use a company-owned device (45%)
  • Installing a malicious mobile app (33%)

When asked to identify the most difficult aspects of defending their companies' networks from advanced malware, 67% said the complexity of malware is a chief factor; 67% said the volume of malware attacks; and 58% cited the ineffectiveness of anti-malware solutions, underscoring the fundamental importance of a multi-layered, advanced cyber defense.

More than half (52%) of all malware analysts said it typically takes them more than 2 hours to analyze a new malware sample. Conversely, only 4% said they are capable of analyzing a new malware sample in less than an hour. Not surprisingly, 35% said one of the most difficult aspects of defending their organization from advanced malware is the lack of access to an automated malware analysis solution, which cuts analysis times to just minutes.

USA #1

Acutely aware of current cybersecurity news and often the country of origin for attacks launched against their networks, the study asked malware analysts for their opinions on government-sponsored cyber espionage. 37% of respondents said the U.S. is the country most adept at conducting cyber espionage. China was a close second at 33%.

Full survey results are available upon request, and an executive report with additional analysis can be found at:

About ThreatTrack Security Inc.

ThreatTrack Security specializes in helping organizations identify and stop Advanced Persistent Threats (APTs), targeted attacks and other sophisticated malware that are designed to evade the traditional cyber-defenses deployed by enterprises, and small and medium-sized businesses (SMBs) around the world. The company develops advanced cybersecurity solutions that analyze, detect and remediate the latest malicious threats, including its ThreatAnalyzer malware behavioral analysis sandbox, VIPRE business and consumer antivirus software, and ThreatIQ real-time threat intelligence service. Visit to learn more.


Copyright © 2013 ThreatTrack Security, Inc. All rights reserved. All other trademarks are the property of their respective owners. To the best of our knowledge, all details were correct at the time of publishing; this information is subject to change without notice.

Contact Information

  • For more information
    Davies Murphy Group on behalf of ThreatTrack Security
    Please email Brian Alberti at
    U.S.: Tel: 1 781-418-2403

    ThreatTrack Security
    Please email Jarred LeFebvre at
    U.S.: Tel: 1 855-885-5566 ext. 1403