Almost 40% of IT decision-makers say they are unable to detect or protect their firms from advanced evasion techniques

Businesses are losing the battle against hackers who use advanced evasion techniques (AET) to infiltrate private networks, according to McAfee, a division of Intel Security.

According to the firm’s latest research, 39% of IT decision-makers do not believe they have adequate methods to detect and track AETs within their organisations, and almost two-thirds said their biggest challenge when trying to implement technology against AETs is convincing the board they are a real and serious threat.

The Vanson Bourne study, commissioned by McAfee, surveyed 800 chief information officers and security managers from the US, UK, Germany, France, Australia, Brazil and South Africa.

The findings highlighted misunderstandings, misinterpretation and ineffective safeguards in use by the security experts charged with protecting sensitive data.

Almost 40% of respondents who had suffered a breach in the past 12 months believe that AETs played a key role. On average, those who experienced a breach reported costs to their organisation of about $1m (€730,000).

Global IT advisory firm, Enterprise Strategy Group’s senior principal analyst, John Oltsik, said: “Many organisations are so intent on identifying new malware that they are falling asleep at the wheel toward AETs that can enable malware to circumvent their security defences.

“AETs pose a great threat because most security solutions can’t detect or stop them. Security professionals and executive managers need to wake up as this is a real and growing threat.”

AETs, first discovered in 2010, are methods of disguise used to penetrate target networks undetected to deliver malicious payloads.

Using AETs, an attacker can split apart an exploit into pieces, bypass a firewall or intrusion prevention system appliance and, once inside the network, reassemble the code to unleash malware and continue an advanced persistence threat attack.

Respondents whose organisations had experienced a network breach in the past 12 months estimate the average cost to the business to be €675,473. Australia, which reported a lower number of breaches at 15%, indicated a much higher average cost per breach at €1.09m. The cost to American respondents also exceeded €730,000 on average.

The financial services sector was affected the most, with estimated cost to be more than €1.45m per breach globally.