Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds

SpyCloud, a cybercrime analytics specialist, said the results of its new study showed that larger organizations generally recognize malware threats but they lack protection against infostealers and ways to properly remediate infections.

Those conclusions come from the company’s recently released Malware Readiness & Defense report that surveyed 320 mid-market and large enterprise IT security professionals in the U.S. and U.K. The report examines how organizations detect and address the threat of malware as a precursor to cyberattacks such as account takeover and ransomware.

Key Findings: Only 1% Not Concerned

The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data:

The most overlooked entry points for malware include:

Lax Cyber Behavior Opens Doors to Cybercriminals

According to SpyCloud research, every infection exposes access to an average of 26 business applications. AsTrevor Hilligoss, senior director of security research at SpyCloud, explained:

"While most organizations understand the general and pervasive threat of malware, digital transformation and hybrid work models create a perfect environment for criminals to take advantage of hidden security gaps. Criminals are exploiting these vulnerabilities by taking advantage of lax cyber behaviors and deploying infostealers designed to swiftly exfiltrate access details beyond passwords.

"These days, authentication cookies that grant access to valid sessions are one of the most prized assets for perpetrating next-generation account takeover through session hijacking bypassing passwords, passkeys, and even MFA."

Many organizations are struggling with routine responses to malware infections:

Breaking Bad Habits

Limited visibility hinders mean-time-to-discovery (MTTD) and mean-time-to-remediation (MTTR), which exacerbates risks to the business and drains resources, SpyCloud said. Moreover, SpyCloud researchers found that in the first half of 2023, 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution.

Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.

Hilligoss offered advice for security teams:

"Breaking bad habits requires time and resources most organizations can't afford and have a hard time finding in the first place. To reduce the risk created by unauthorized account access, infected devices and human error, they need a new approach for detecting and remediating malware.

"For many security teams, responding to infections is a machine-centric process that involves isolating and clearing the malware from the device. However, an identity-centric approach is more thorough as the ultimate goal is to better address the growing attack surface tied to an individual user that puts the business at risk."