Measuring Security

 Measuring Security

 By non-invasively monitoring the

 activity in an organization's network,

 much can be learned about the

 residual malware that escapes the

 attention of the organization's security

 systems.

 Which industry sectors are most infected? 

Malware Metrics by Industry Sector

83 enterprises from North America, Latin America, Europe and Asia Pacific participated in a risk-free, 2-week security assessment that allowed Trend Micro to monitor an enterprise’s security environment and help them discover how, why and where security threats happen. Of these, 16 were from the education and health care sectors, the two sectors showing the highest rates of malware infection.

industry sector  % of organizations with “very high” malware infection rate*
Health Care             75%   (n = 4)
Education                33%   (n = 12)
Public Sector           22%   (n = 23)
Financial Services    14%   (n = 7)
Manufacturing          11%   (n = 27)
all industries            20%   (n = 83)

* “very high” are those in the top quintile (>80 percentile) observed across all industry sectors.

Although the sample size is small, the health care sectpr exhibits significantly higher rates of malware infection than the other sectors.  Trend Micro security assessors discovered that 75% of the health care organizations monitored had “very high” levels of malware infections in their networks.  This contrasts with 20% "very high" for all sectors. 

A possible factor in the health care sector's higher infection rate may be the relatively high number of uncontrolled internet-communicating devices used by visitors to hospitals and clinics compared to other industry sectors. 

But not compared to universities, where uncontrolled student computers are the norm.  Which brings us to the sector with the second highest infection rate:  the education sector.

In the education sector, 33% of the monitored institutions exhibited "very high" malware infections rates.  Possible causes here may be related to colleges having to contend with students bringing infected laptops into their networks, heavy usage of social-networking sites, pirated media and software programs that redirect to malware; and infected USB drives that students use to store files and homework assignments.  

The Trend Micro security threat assessments used in this study utilize a non-invasive, listen-only appliance that doesn’t interfere with an organization's ongoing network operations.  Trend Micro engineers quickly install the assessment appliance at the network layer on the core switch where it monitors network traffic to detect resident malware activities, such as botnets. The appliance also monitors inbound email and Web traffic to detect potentially infected messages and suspicious Web sites.

Key threats and indicators measured during assessments include:

 - IRC bots
 - network worms
 - information stealing malware
 - malware downloads
 - accesses to malicious URLs

If you are interested in participating in a security threat assessment, contact Trend Micro Threat Management Services go to  http://go.trendmicro.com/thinkagain/form.php.