A recent study that analyzed 300 actual data breach incidents indicates that antivirus software is incapable of detecting the malware used to initiate these attacks. Conducted by security analysis firm Trustwave, the report, titled the 2012 Global Security Report, reviewed 300 incidents that took place in 18 different countries. Trustwave had direct experience with the incidents, since its SpiderLabs division was retained to investigate the security breaches.
The Trustwave analysis revealed that in all of the data breach cases, the security breaches were caused by malware that was undetectable to common antivirus packages. Also, the malware was introduced to the affected organizations through employees’ PCs. Furthermore, 88 percent of the isolated malware escaped detection by all of the antivirus packages used in the study. The remaining 12 percent did trigger antivirus programs, but only retrospectively – after several months had passed since the malware was used in a data breach attack.
This finding totally deflates the peace of mind and confidence most organizations and individuals seek by installing antivirus packages on their computer networks. On the contrary, the report notes that “the historical perception of antivirus and the sometimes blind faith in its ability to detect and stop malware is one of the reasons attackers are so successful in what they do.” The end result of the malware’s ability to use these targets’ networks surreptitiously is that the victims only became aware of their data breach problem when they were alerted by outside organizations such as law enforcement agencies, a regulatory agency, or even the general public. By the time these organizations found out about their security breach, the data breach had affected their systems for an astonishing average period of 173 days. Some cases even extended to several years.
The problem is that the criminals behind the malware develop new versions they don’t publicize. The average antivirus package can’t detect these, since the malware is very targeted. Oftentimes, the antivirus vendors won’t even see the malware until after it has been successfully deployed. Another notable trend in the data breaches is that many of the cases involve IT outsourced to third parties. This is the case in about 75 percent of the data breaches.