
Porn-surfing corporate bosses infect networks, then keep data breaches a secret

57% of U.S. enterprise malware investigations involve data breaches that are never disclosed, with many executives surfing to infected porn sites.

The boss may know better -- the dreaded do as I say, not as I do -- but 40% of malware infections on corporate senior executives' PCs came from visiting infected porn sites. According to a blind survey of 200 security professionals, more than half, or 57%, have investigated data breaches that were kept a secret from customers, partners or stakeholders.


As if IT pros don't have enough to do, it's often the boss who is causing the problems. The survey [pdf], commissioned by ThreatTrack, found how bosses, or senior leadership, end up with malware on their PC or mobile device:

  • 56% clicked on a malicious link in a phishing email.
  • 47% attached an infected device to a corporate PC.
  • 45% let a family member use a company computer.
  • 40% surfed to a malware-infected porn site.
  • 33% installed a malicious app.

Who hides the truth about data breaches?

Smaller companies with fewer than 50 employees are the least likely to hide a data breach, but still, 18% of breaches at smaller corporations are not disclosed. Two-thirds, or 66%, of U.S. corporations with more than 500 employees do not report data breaches. The survey of IT professionals found that utility and manufacturing companies are the most likely industries to hide that they've been hacked. Breaches go unreported in:

  • 79% of manufacturing and utility companies
  • 57% of IT and Telecom industries
  • 56% of healthcare

Biggest hindrances to combating cyberattacks

Although 40% of corporate IT professionals who worked on a data breach reported they do not have enough highly skilled personnel on staff to combat cyberattacks, 58% blame ineffective anti-malware solutions. Thirty-five percent of IT pros responded that the lack of automated malware analysis tools is a "pain point" when it comes to defending against sophisticated threats.

Time it takes to analyze new malware

Only 4% of security professionals can analyze a new malware sample in less than an hour. Forty-five percent said it takes between one and two hours; 39% said the analysis requires two to five hours; 14% reported it takes between five and eight hours to analyze.

IT security budgets and data breaches

The size of IT security budgets also plays a part in data breaches that go unreported. Seventy-six percent of U.S. enterprises that spend between $500,000 and $10 million on IT security do not disclose data breaches to customers, while 37.5% of corporations with an IT security budget of over $10 million do not report data breaches. Another 30% of companies that spend less than $500,000 on IT security do not disclose breaches.

"Not only are unreported compromises doing a disservice to customers, they may even be inhibiting proper attention that needs to be placed on the cybersecurity industry in general," concluded ThreatTrack [pdf]. Furthermore, security pros "face enough challenges trying to protect their companies’ networks from external threats. They certainly don’t need internal forces hindering those efforts. Yet that seems to be what’s happening, with senior executives who let family members use corporate PCs and can’t keep away from pornographic websites."


Follow me on Twitter @PrivacyFanatic
