If you had to pick a number, how many new variants of malware do you think threaten businesses each day? That was the question posed to roughly 4,000 IT professionals in a new data security survey from Kaspersky Lab.
And the answer is shocking: 315,000 distinct malware variants threaten businesses each day. That's a lot of malware. If that number is surprising, you're not alone.
- 91 percent of survey respondents thought there were less than 250,000.
- 69 percent of respondents would have guessed there were less than 10,000.
Let’s take a look at why there is a huge discrepancy about the way data threats are perceived.
More Malware than You Can Shake a Stick At
One reason businesses underestimate their cyber risk exposure is because they misunderstand how and why malware attacks occur.
So many variants exist because malware developers need to create multiple versions of their software to keep evading antivirus programs. Because antivirus software flags known threats, malware developers continuously tweak their code and make it distinct enough to avoid detection.
Antivirus software can learn to spot a program that resembles known malware, but the sheer number of malware attacks makes this exceedingly difficult. For example, when Target was hacked, its antimalware service (FireEye) actually flagged the malicious code that ended up causing the massive data breach.
How did the malware get through? Target gets so many false positives that it's practically impossible for its IT professionals to know whether a flagged piece of code is actually malicious. Antivirus software errs on the side of caution and often flags totally benign code. It's not always the most effective tool.
Fixing Client Misunderstandings & Building New Business
While malware misperceptions need to be corrected, they also present a way for IT consultants to earn new business.
By educating your clients about the sophistication and variety of malware threats, you'll do two things:
- Help them understand that they need to be actively involved in the management of their data security on a day-to-day basis.
- Create a need for your services.
How do you do this? Position your business as the more informed, security-focused IT option. Upsell your clients on services that cover gaps in their risk.
Don't forget that current clients might need their data security strengthened, too. If you're looking for new business, talk with previous clients about boosting their security. After so many high-profile data breaches, they might be looking to spend more on IT.
Stay tuned for tomorrow's article where we explore ways to educate your clients about data security and capitalize on a growing need for more comprehensive IT security options.