The value of security

emmaMalware is becoming more sophisticated, actively resisting traditional detection technologies. This development is posing new challenges to security companies. According to independent test organizations, almost one out of ten malware attacks succeed.

One in ten – sounds like a lot, but what does this mean in practice?

One of our product managers illustrated the significance of a high threat detection rate with a practical example. On average, an employee faces two malware per year (depending on the Internet usage profile of the users and the other layers of the protection, of course). In a company of 500 employees, with a detection rate of 92%, 80 infections in total will pass the traditional malware protection. If the detection rate is 99%, only 10 attacks out of one thousand will succeed. A minor difference in percentage points can make up a major difference in practice.

With this in mind, we believe that detection rate is a key factor in the value of security.

With businesses spending sizable sums of money to clean up damage from malware, high malware detection rates take on greater importance. Have you ever wondered how much it costs to have your business down for one day? Companies are not only spending for malware cleanup, but costs are also incurred as a result of lost productivity, loss of data (such as trade secrets, intellectual property and private customer data), investigation, and post-incident management. And how about your company’s reputation – how much is it worth? Add all these together, and malware that has gone undetected can have serious ramifications to a business. And that’s exactly why even a one percent higher detection rate can save thousands.

Recent examples of attacks with possibly multifold consequences include the patient records of an Australian medical centre held to ransom, as well as Internet advertising network NetSeer suffering a hack that also affected any Web page that included an ad served from NetSeer’s servers – among others several high profile Web sites and news agencies. And these are only a tiny fraction of all the examples out there.

Cyber attacks are not only costly to large enterprises, but also affect small and medium sized businesses (SMBs). Small firms are increasingly popular targets for attacks, as they are not as likely to be adequately protected. In fact, according to Verizon 2012 Data Breach Investigation Report, 79% of data breach victims from the past year were targets of attacks mainly because they were found to possess an exploitable weakness rather than because they were pre-identified targets. In addition, the same study states that victims don’t usually discover their own incidents, but they’re typically discovered by third parties only weeks or months after the initial instance – when significant damage has already been done.

To stay on top of the latest threats, we are launching F-Secure Client Security 10 that provides proactive protection for corporate desktops and laptops. It offers enhanced security with DeepGuard 4 threat detection technology that has been tested by AV-TEST with top-notch scores against new malware. In these independent tests for preventing new “zero-day” malware attacks, DeepGuard 4 performs at 98 to 100%, while the industry average hovers around 90 percent.

So why does detection rate matter? The answer is simple: even a single incident can be one too many.

And that’s why our aim is to “Protect the Irreplaceable.”

More posts from this topic

Unbenannt-2

Why your Apple Watch will probably never be infected by malware

On Tuesday Apple announced its latest iPhone models and a new piece of wearable technology some have been anxiously waiting for -- Apple Watch. TechRadar describes the latest innovation from Cupertino as "An iOS 8-friendly watch that plays nice with your iPhone." And if it works like your iPhone, you can expect that it will free of all mobile malware threats, unless you decide to "jailbreak" it. The latest F-Secure Labs Threat Report clears up one big misconception about iOS malware: It does exist, barely. In the first half of 2014, 295 new families and variants or mobile malware were discovered – 294 on Android and one on iOS.  iPhone users can face phishing scams and Wi-Fi hijacking, which is why we created our Freedome VPN, but the threat of getting a bad app on your iOS device is almost non-existent. "Unlike Android, malware on iOS have so far only been effective against jailbroken devices, making the jailbreak tools created by various hacker outfits (and which usually work by exploiting undocumented bugs in the platform) of interest to security researchers," the report explains. The iOS threat that was found earlier this year, Unflod Baby Panda, was designed to listen to outgoing SSL connections in order to steal the device’s Apple ID and password details. Apple ID and passwords have been in the news recently as they may have played a role in a series of hacks of celebrity iCloud accounts that led to the posting of dozens of private photos. Our Mikko Hypponen explained in our latest Threat Report Webinar that many users have been using these accounts for years, mostly to purchase items in the iTunes store, without realizing how much data they were actually protecting. But Unflod Baby Panda is very unlikely to have played any role in the celebrity hacks, as "jailbreaking" a device is still very rare. Few users know about the hack that gives up the protection of the "closed garden" approach of the iOS app store, which has been incredibly successful in keeping malware off the platform, especially compared to the more open Android landscape. The official Play store has seen some infiltration by bad apps, adware and spamware -- as has the iOS app store to a far lesser degree -- but the majority of Android threats come from third-party marketplaces, which is why F-Secure Labs recommends you avoid them. The vast majority of iPhone owners have never had to worry about malware -- and if the Apple Watch employs the some tight restrictions on apps, the device will likely be free of security concerns. However, having a watch with the power of a smartphone attached to your body nearly twenty-four hours a day promises to introduce privacy questions few have ever considered.    

Sep 9, 2014
BY Jason
Unbenannt-4
Aug 28, 2014
BY Jason