A study of businesses in Sweden found security breaches at a shocking 93 percent, according to FireEye and KPMG. The study, “Unknown Threats in Sweden”, was released on Wednesday, and also showed that 79 percent were exfiltrating data.
While the key finding of the study (data breaches at 93 percent of Swedish organizations) does sound rather shocking, it should be noted the small sample size. The study only monitored 14 businesses averaging 5,000 employees, of a variety of sizes and verticals which the study authors consider representative of Swedish business. Each company was given a FireEye NX 7400 appliance, which monitored traffic from Jun. 2 to 27 from a position between the network security layers and client hosts.
A total of over 15,000 security alerts were logged, of which 49 percent were unknown. Botnets and Trojans were the most common types of malware found at 41 and 36 percent, respectively. Organizations averaged two new infected devices each day.
“Advanced Persistent Threats (APTs) to organisations are ever increasing with nefarious individuals or organisations devoting significant time and effort in gaining unauthorised and persistent access to networks and systems,” Fredrik Myrelid of FireEye wrote in a blog post. “APT actors will most likely not be discouraged if an occurrence of their targeted attacks was once successfully contained. The inevitability of cyber attacks whether small isolated events or large-scale network compromise, outage or data exfiltration therefore presents a strong business case for developing an effective response capability.”
The study also concludes that organizations are often slow to respond to attacks because they are not able to detect them, as was suggested by a McAfee report last year.
Data breaches cost healthcare companies an estimated $5.6 billion annually, and surely the cost to other sectors also dwarfs the cost of the high-end monitoring and security which this study indicates is necessary.