Some 96% of organizations across 20 different vertical industries suffered some form of cyber attack in the first half of last year.
Advanced malware attacks -- typically associated with cyber espionage or other targeted attack campaigns -- made up nearly 30% of cyber intrusions at 1,200 companies, according to new data from FireEye collected from its network and email sensors that sit behind traditional security systems.
All organizations in agriculture, auto and transportation, education, and retail that were monitored in a trial deployment by the security firm suffered breaches during January and June of last year.
Dave Merkel, CTO of FireEye, says the findings in this random sampling of organizations underscore how the bad guys are relentlessly going after information from their victims but the victim organizations aren't keeping pace with attackers.
"One issue is outmoded thinking that 'I bought this magic widget 5 to 10 years ago, and it's somehow relevant today.' But the bad guys are innovating … and [companies] need to continue to innovate" with their security strategies and tools, he says.
It's not just about security technology or products, either, he says. "You have to bring expertise to the problem. The bad guy is a person; the malware is a tool. So you can't just buy technology, plug it in, and solve all ills," Merkel says. "At the end of the day, you are playing cat-and-mouse with an increasingly professional person who's making a living taking your stuff … There's still a human element that has to be engaged actively in your defense."
Meanwhile, FireEye, which sells next-generation threat detection technology, found the industry with the biggest increase in advanced malware attacks was law, with twice the number of such attacks since the previous year.
And the industry with the lowest percentage of attacks getting past its security perimeters was aerospace and defense, with 76% of the companies getting hit. "While the number is unacceptably high, it is significantly lower than other industries. One possible explanation: many firms in this sector, long a target of advanced state-sponsored attacks, have beefed up their cyber defenses. But as the data shows, most of these defenses continue to fail," said the FireEye report.