Malware attacks costing $125,000 a month

Large enterprises can expect to pay an average of more than $125,000 (75,354) per month in costs associated with recovering from a malware attack.

That's according to the fourth annual independent study commissioned by FaceTime Communications into the impact of collaborative internet applications on organisations.

Overall, it found the cost of malware attacks and those associated with corporate data leaks has risen as more employees use web 2.0 and social media-based applications at work. These types of applications were in use at 97 per cent of all organisations, up from 85 per cent in 2007.

Their use was widespread, with more than 60 per cent of the more than 500 IT staff and employees surveyed by researcher NewDiligence, having eight or more of these applications in use on their networks. And on average, companies reported nine such applications in use by every employee.

But the majority (73 per cent) of IT managers reported at least one security incident as a result of internet application use, where viruses, Trojans and worms were most common (cited by 59 per cent), followed closely by spyware (57 per cent).

IT managers also reported an average of 34 security and data leakage incidents per month. And just under a third (27 per cent) said they had suffered incidents of accidental or unintentional data leakage.

But, while 79 per cent said IT monitored and controlled email and 65 per cent said the same for web browsing, fewer than 40 per cent monitored or managed applications for peer-to-peer (P2P) file sharing, for example and only 25 per cent said they secured and monitored web 2.0 applications.

The report warned that many of these real-time applications were evasive and could easily circumvent traditional security infrastructures, creating potential compliance, information leakage concerns, as well as introducing a number of vectors for incoming malware.

The survey also found that less than half of IT managers could actively monitor or reproduce specific applications, like instant messaging communications if asked by corporate legal teams in the event of a lawsuit. In fact, 38 per cent of IT managers said they had no such capabilities and only 13 per cent said they could but not in any practical timeframe.

Nick Sears, FaceTime vice president for Europe, Middle East and Africa, said: "In the four years that we've been doing this survey, end users have claimed the right to download and use whatever applications they choose to help them do their jobs. This year's survey shows that in doing so users are unwittingly contributing to security and data leakage incidents."

Miya Knights

A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.

Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.