Web Browser Flaws Are Huge Endpoint Security Issue

Eighty-two percent of organizations surveyed experienced at least one online attack in the last year, according to new research conducted by Lawless Research and commissioned by Malwarebytes, a provider of software designed to protect against advanced threats.

The survey of 685 IT decision-makers at U.S. companies with 50 or more employees found that the average company was subjected to three attacks during the last year, all of which took a “severe toll” on help desks and employee productivity.

The executives consider the growing number of flaws in Web browsers to be the biggest endpoint security challenge they face as they look toward 2015, according to the report. With the number of exploitable browser vulnerabilities rising this year, 72 percent of the survey respondents said this made security difficult at their organization, more so than any other issue. Respondents at companies with more than 1,000 endpoints were particularly concerned about the issue.

The survey indicates growing concerns about traditional security suites. A majority of respondents (84 percent) agreed that traditional antivirus software has become less effective in the face of modern threats. This has seemingly forced those in charge of security budgets to consider a layered approach, the report says, with 78 percent of respondents planning to deploy multiple endpoint solutions by the end of 2015.

Another concern involves the threat from ransomware—a type of malware that restricts access to the infected system and demands a ransom paid to the creator of the malware in order to remove the restriction. Despite being the least prevalent specific threat in terms of overall numbers, respondents who did experience ransomware rated it as the most severe in terms of impact, ahead of even advanced persistent threats (APTs).

“It’s sobering to see such a large number of companies suffering from attacks,” said Marcin Kleczynski, CEO of Malwarebytes. “The growing concerns over browser vulnerabilities are a particularly notable trend, speaking volumes about their effectiveness as an attack method. Given the ever-advancing threat landscape, it should be obvious by now that an endpoint security strategy built around a single traditional antivirus solution isn’t enough.”

By employing a layered approach that uses an advanced endpoint security solution, “organizations can better protect their data and reduce help desk time, which will positively impact their bottom line,” Kleczynski said.