Changing malware attack rates guide new strategies for security vendors
JUL 25, 2014 01:08 AM
A+ A A-


Every day cybercriminals launch sophisticated malware attacks against organizations designed to steal valuable data or disable critical services to inflict damage on the organization. The number of malware attacks is increasing, but recent research from Technology Business Research Inc. (TBR) indicates the rate of increase varies significantly depending on the organization; malware attack rates are increasing more rapidly for some organizations and leveling off for others. Security vendors and service providers must adjust their strategies to adapt to changing attack rates.

Organizations know when they are being attacked

Armed with network scanners, intrusion detection systems and other security devices, organizations often know when they have been attacked. It is not uncommon for an organization to detect (and hopefully deflect) approximately 100 targeted malware attacks per week.

Malware attack rates are changing

In January TBR surveyed 156 security professionals at end-user organizations in the U.S. about their experiences with malware attacks. TBR's research revealed that 46% of organizations believe they were targeted by malware attacks more frequently in 2013 compared to 2012, with 18% attacked significantly more frequently and 28% attacked somewhat more frequently (see Figure 1). About one-third (32%) of organizations were targeted by malware attacks approximately the same number of times in 2013 as in 2012, and 23% were attacked less frequently or not at all.

Figure 1— Changes in Malware Attack Frequency, 2013 versus 2012


Attackers focus their efforts on large organizations

TBR's research uncovered significant differences in attack rates based on the size of the organization. Very large organizations with more than 25,000 employees are experiencing the greatest increase in attacks, with 52% experiencing more attacks in 2013 compared to 2012 (see Figure 2).

Large organizations with 5,000 to 24,999 employees are experiencing relatively moderate increases in attacks. In TBR's study, 46% of respondents from large organizations reported they were attacked more frequently in 2013 compared to 2012.

Just 39% of midsize organizations with 1,000 to 4,999 employees reported an increase in attacks in 2013 compared to 2012. Moreover, 37% of midsize organizations said they were attacked about as often in 2013 as in 2012.


Figure 2— Changes in Malware Attack Frequency, by Company Size

Industrial organizations are experiencing the highest increase in attacks

Organizations in industrial verticals including aerospace and defense, manufacturing, construction and transportation reported the greatest increase in malware attacks over the past two years. More than half (58%) of respondents in industrial organizations reported being attacked more frequently in 2013 compared to 2012 (see Figure 3). At the same time, less than half (48%) of organizations in consumer-related industries including consumer packaged goods, retail, publishing and travel reported increasing volumes of attacks.

Malware attack rates are leveling off in some other vertical industries. Notably, 52% of healthcare organizations including hospitals and pharmaceutical organizations were attacked about the same number of times in 2013 as in 2012. Thirty eight percent of financial organizations including banking, financial services and insurance companies were attacked about the same number of times in 2013 as in 2012.  

Figure 3— Malware Attacks by Industry

Vendors' strategies must align with malware attack rates

Because malware attack rates are rising at different levels based on an organization's size and industry, security vendors and service providers must adapt their strategies to address customers' unique threat environments.

Strategies for approaching midsize organizations

In recent years many security vendors have approached midsize customers with warnings that they were no longer immune to attacks because of their relatively small size. Attackers have targeted midsize organizations for their valuable IP, or simply because midsize organizations may have relatively fewer security controls compared to large and very large organizations, which can make them easier to penetrate.

However, as TBR's research indicates, attacks against midsize organizations are not increasing as rapidly as attacks against large or very large organizations. Messages about increasing attack rates will not resonate strongly with midsize organizations in 2014. Security vendors and service providers approaching midsize customers should focus on reinforcing controls and layering additional defenses as the midsize organizations grow.  

Strategies for approaching large and very large organizations

Security professionals at large and very large organizations need to stay ahead of the rapidly rising rate of attacks targeted at their companies' assets. Security vendors and service providers must deliver strong solutions that help block attacks to engage with these customers.

Large and very large organizations can benefit from advanced threat protection (ATP) solutions that leverage technologies such as virtual execution and threat correlation. ATP tools that are integrated with traditional security tools such as security information and event management systems (SIEMs) can help organizations leverage their existing security controls while adding newer technologies to detect and block emerging threats. TBR believes vendors offering ATP solutions that are well integrated with traditional security tools will find a receptive market among organizations that are experiencing rapid growth in malware attacks.

Strategies for approaching industrial and consumer organizations

As key members of the U.S. critical infrastructure, security professionals at industrial organizations are on high alert for attacks by nation-state actors, such as email phishing attacks designed to trick defense contractor employees into revealing their access credentials. TBR believes these organizations are evaluating and deploying ATP solutions, favoring solutions that provide early warnings of potential attacks. 

Following the 2013 attacks against retail giants Target and Neiman Marcus, which saw security teams reportedly miss or incorrectly prioritize key alerts from installed security solutions, TBR believes organizations in consumer industries will seek security solutions that prioritize risk at a very granular level, with concise reports that provide clear guidance for response and remediation. Organizations that must comply with Payment Card Industry (PCI) regulations may turn to governance, risk and compliance (GRC) vendors that integrate security intelligence into their GRC solutions to ensure IT risk management is fully addressed.

Strategies for approaching healthcare and financial organizations

TBR believes that as healthcare and financial institutions experience a moderation in malware attack rates, they will turn a portion of their security resources to creating and implementing strategies for cyber risk management. In particular, these organizations may be interested in strategies and solutions that enable them to more accurately quantify their risks, such as creating exposure maps and estimating the value of potential losses. This will help the organizations transfer a portion of their risk to their business partners (through contracts such as Business Associate agreements in regulated industries) or insurance companies (through cyber-insurance policies).


As organizations experience different rates of change in the number of malware attacks against their IT assets, security vendors and service providers can align solutions to their customers' threat environment. Large organizations in industrial and consumer industries are experiencing the most significant increases in attacks, and TBR expects these organizations to be keenly interested in new ATP products and services. Midsize healthcare and financial organizations are less stressed by increasing malware attacks at this time and may focus on reinforcing security controls and revising risk management strategies. 

[%= name %]
[%= createDate %]
[%= comment %]
Share this:
Please login to enter a comment:

Computing Now Blogs
Business Intelligence
by Keith Peterson
Cloud Computing
A Cloud Blog: by Irena Bojanova
The Clear Cloud: by STC Cloud Computing
Computing Careers: by Lori Cameron
Display Technologies
Enterprise Solutions
Enterprise Thinking: by Josh Greenbaum
Healthcare Technologies
The Doctor Is In: Dr. Keith W. Vrbicky
Heterogeneous Systems
Hot Topics
NealNotes: by Neal Leavitt
Industry Trends
The Robotics Report: by Jeff Debrosse
Internet Of Things
Sensing IoT: by Irena Bojanova