HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Unknown Malware Downloaded Every 4 Seconds by Employees

Checkpoint has recently published its 2016 Security Report. The report casts light on extent to which new malware is being developed and highlights the threat faced by the healthcare industry.

Checkpoint researchers studied more than 31,000 Check Point gateways over the course of the last 12 months to determine the seriousness of the malware threat. The study revealed that 52.7% of those gateways downloaded at least one file infected with unknown malware. They also determined that on average, more than 12 million new malware variants were released each month in 2015.

The rate at which new malware is being developed has soared in the past two years. Checkpoint data show that more new malware has been developed in the past two years than in the previous 10 years combined. Malware is being developed at such a rate that traditional anti-virus and anti-malware software solutions are struggling to keep up.

Checkpoint analyzed infections with known malware, unknown malware – malicious software for which no signature exists – and zero day exploits that take advantage of previously unknown security vulnerabilities. The report indicates 971 downloads of unknown malware now occur every hour. That’s one download of unknown malware by an employee every 4 seconds. Nine times as many downloads of unknown malware occurred in 2015 than in 2014.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Organizations are getting better at preventing employees from accessing malicious websites through a combination of training and technological solutions such as web filters. In 2015, employees in 82% of organizations accessed malicious websites – a 4% reduction from 2014. However, in 2015, employees of enterprise organizations accessed malicious websites every 5 seconds. The previous year, malicious websites were accessed every 24 seconds. Unfortunately, the sheer volume of malicious sites and files is making it hard for organizations to effectively filter traffic while maintaining employee productivity.

Bot infections were down 10% in 2015, although 75% of organizations were discovered t9o have been infected with bots in 2015. The most common bots were Sality, Conficker, ZeroAccess, and Cutwail, which were used in 50% of bot attacks. Checkpoint notes that all of these bots originate from known malware.

It may be more difficult to prevent unknown malware downloads, but organizations are still struggling to prevent and detect known malware. Many organizations still have poor patch management policies which is leaving the door wide open to malware attacks. When malware infections do occur, organizations are struggling to detect the infections.

Unsurprisingly, most data breaches involve the compromising of endpoints and malicious email continues to be the main way that those endpoints are attacked. According to the report, 75% of infections occur via email.

Checkpoint researchers also determined the cost of healthcare data breach resolution has soared. According to the report, healthcare data breach resolution costs have risen by 282% since 2015.The researchers also noted there was a 60% jump in healthcare security incidents in 2015.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.