Confusion over AET malware costing firms millions

Business are at risk from sophisticated malware

Research conducted by McAfee has unveiled confusion among security professionals when it comes to dealing with Advanced Evasion Techniques (AETs).

A study conducted by Vanson Bourne in collaboration with McAfee surveyed 800 CIOs and security managers from Europe, the US and Africa. It uncovered highly prevalent misunderstanding and misinterpretation of AETs among those responsible for protecting sensitive data.

Using an AET, a hacker can disguise malicious attacks for far longer than usual, allowing them to penetrate further into a company's network before delivering its payload.

Wake up call

More than one in five survey respondents admitted that their company's security had been breached. Forty percent of those breached also believed that AETs played a key role in those attacks. The average cost of attacks on respondents' networks was around $1 million (£600,000, AU$1.1 million).

Nearly 40% of respondents felt that they did not have the methods to properly detect and track AET malware within their network. Almost 70% said that the biggest challenge was convincing their boards that AETs were a serious threat.

"Many organizations are so intent in identifying new malware that they are falling asleep at the wheel toward advanced evasion techniques that can enable malware to circumvent their security defenses," said Jon Oltsik, senior principal analyst, Enterprise Strategy Group. "AETs pose a great threat because most security solutions can't detect or stop them. Security professionals and executive managers need to wake up as this is a real and growing threat."