Chemical and drug makers are the biggest malware magnets

Cisco's threat metrics show pharmaceutical and chemical firms are 11 times more susceptible to Web malware

How likely are you to run into Web malware? Depending on the industry you're working in, either not very -- or far more often than you ever imagined.

That's one of the conclusions drawn by Cisco in its recently released February 2014 threat metrics report, where the company assessed statistics compiled by the Cisco Computer Security Incident Response Team (CSIRT) about how often users protected by Cisco Cloud Web Security were likely to encounter malware.

In the month of February, a Web user was likely to encounter malware around one out every 341 requests, with 18 percent of the total coming from links to malware unwittingly shared on Facebook, in the form of video coverage of a breaking news event.

But the most eyebrow-raising statistic of the bunch was the "Vertical Encounter Rate," or the rate at which a company in a given industry segment would likely encounter Web malware compared to the encounter rate of companies as a whole. According to Cisco's stats, among the safest verticals were governments, charities and NGOs, and banking and finance, which had rates well below the average.

Pharmaceutical and chemical companies, on the other hand, were listed has being "at least 11 times more likely than half of the enterprises protected by Cisco Cloud Web Security," according to Seth Hanford, Cisco TRAC (Threat Research, Analysis, and Communications) team lead. The only other vertical that came remotely close to such numbers was media and publishing, which was six times as likely as the whole.

Hanford explained the methodology for sampling the numbers this way: "The median encounter rate across all enterprises is calculated for the month and then the median for each vertical is calculated and compared to the median. This measure is taken from our customer telemetry and reflects web malware encounters that were blocked via Cisco Cloud Web Security. Industry verticals are assigned based on Dun & Bradstreet and/or customer input."

Hanford also noted that the extreme disparity of the number of pharmaceutical and chemical outfits being targeted isn't new -- the trend has been unfolding since at least last year. Back then, Cisco's harvested stats showed the vertical's encounter rate eclipsed the median by a factor of six.

Cisco proffered one explanation for why certain sectors show such pronounced risk: Cyber criminals target verticals for the sake of stealing intellectual property (electronics) or taking advantage of "decreasing precious metal resources and weather-related disruptions in the food supply" (mining and agriculture, respectively).

Cyber crime has been estimated at costing the U.S. economy $100 billion annually, with smaller companies feeling the pain more often due to inadequate defenses. If Cisco's analyses are on track -- and the numbers hold true for people outside of Cisco's customer base -- attacks are likely to grow even more targeted to match their victims in the future, with narrower niches singled out by attackers based on their industry.

This article, "Chemical and drug makers are the biggest malware magnets," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies