Survey: Malware Response teams fear 2012 threats will grow in number and sophistication

A survey by Norman ASA reveals more than half of IT leaders believe that malware threats are their biggest worry for 2012. They're also worried that the new malware is too sophisticated for their analysis and security capabilities.

03/26/2012


More than half of IT leaders (62 percent) fear that malware is growing more sophisticated faster than they can upgrade their analysis capabilities. Additionally, 58 percent cited the growing number of threats as their biggest worry for 2012.  

These findings, a concern for manufacturing, automation, and control cyber security efforts, are part of a major survey of malware analysis trends completed by an independent research firm for Norman ASA.

"It is widely recognized that the volume and sophistication of threats continues to grow dramatically, yet many organizations are only incrementally adding resources to better understand these threats," said Darin Andersen, vice president and general manager, North America for Norman. "Analysis is a critical component of a comprehensive defense-in-depth strategy. Failure to maintain an updated understanding of these threats will leave networks increasingly vulnerable."

Nearly two-thirds (65 percent) predict the sheer number of malware threats will grow by more than 25 percent this year. However, these IT leaders also report their organizations are not making the investments required to keep up. Just 17 percent state that today they are catching all the malware targeted at their company. Even more alarming, just under half (45 percent) predict their malware budgets will go up in 2012 and only one-third (33 percent) state they will add analysts to their response teams this year.

Organizations that do plan to beef up their security capabilities will have a difficult time this year. Just under half believe it will be harder this year than in the past to find malware analysts and a similar number state they will have less time to train analysts this year than in the past.

As a result of these difficulties, 52 percent plan to augment their internally-developed solution with a commercial solution in 2012. Nearly three-quarters (71 percent) will make this move in part because in-house solutions require significant management attention and maintenance.

Analysts Turn to Commercial Anti-Malware Solutions to Support In-house Solutions and Cite Cost Effectiveness

More than half of survey respondents (54 percent) use both internally-developed and commercially-available anti-malware analysis solutions. IT leaders who use commercial solutions outnumber those who have internally-developed solutions by more than 4-to-1 (37 percent versus 9 percent).

Forty percent of IT leaders who purchased a commercially-available malware analysis solution acquired it to support their internally-developed capabilities, while more than one-third (35 percent) listed cost effectiveness as the reason for purchase and another 35 percent turned to a commercial solution to address the number of files their team must analyze.

"IT leaders are falling behind and are turning increasingly to automated commercial solutions to close the gap," Andersen said. "Fewer than half of surveyed companies will have bigger malware analysis budgets this year, and even among many of those, their teams will have limited time to train the new personnel."

"Because it will be difficult for analysis teams to handle the sheer volume of threats, the automated solutions IT teams purchase must feature scalability. The ability to simply add effective new appliances to a network as the number of threats increase will significantly help teams keep up with the growing threat of cyberattacks."

Norman ASA

www.norman.com 

- Edited by Chris Vavra, Control Engineering, www.controleng.com 

See the safety and security channel at

http://www.controleng.com/channels/plant-safety-and-security.html



No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
Each year, a panel of Control Engineering editors and industry expert judges select the System Integrator of the Year Award winners.
Control Engineering Leaders Under 40 identifies and gives recognition to young engineers who...
Learn more about methods used to ensure that the integration between the safety system and the process control...
Adding industrial toughness and reliability to Ethernet eGuide
Technological advances like multiple-in-multiple-out (MIMO) transmitting and receiving
Virtualization advice: 4 ways splitting servers can help manufacturing; Efficient motion controls; Fill the brain drain; Learn from the HART Plant of the Year
Two sides to process safety: Combining human and technical factors in your program; Preparing HMI graphics for migrations; Mechatronics and safety; Engineers' Choice Awards
Detecting security breaches: Forensic invenstigations depend on knowing your networks inside and out; Wireless workers; Opening robotic control; Product exclusive: Robust encoders
The Ask Control Engineering blog covers all aspects of automation, including motors, drives, sensors, motion control, machine control, and embedded systems.
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
News and comments from Control Engineering process industries editor, Peter Welander.
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
This is a blog from the trenches – written by engineers who are implementing and upgrading control systems every day across every industry.
Anthony Baker is a fictitious aggregation of experts from Callisto Integration, providing manufacturing consulting and systems integration.
Integrator Guide

Integrator Guide

Search the online Automation Integrator Guide
 

Create New Listing

Visit the System Integrators page to view past winners of Control Engineering's System Integrator of the Year Award and learn how to enter the competition. You will also find more information on system integrators and Control System Integrators Association.

Case Study Database

Case Study Database

Get more exposure for your case study by uploading it to the Control Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.

These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.

Click here to visit the Case Study Database and upload your case study.