Increasing Threat of Fileless Malware Attacks Highlighted in Ponemon Institute Report

by | Nov 30, 2017

A recent report carried out by the Ponemon Institute has emphasized current endpoint security trends, details the ever-present threat from ransomware, and shows that fileless malware cyberattacks are increasing.

Annually, endpoint attacks cost the healthcare sector over $1 billion. The high cost of addressing attacks and the increasing threat means endpoint security should be a priority for healthcare groups. Sadly, many healthcare groups are continuing to depend on traditional cybersecurity technologies, which fail to properly safeguard against new threats. Further, spending on cybersecurity defenses often involves doubling down on current technologies, rather than strategic spending on new technologies that are far more effective at minimizing the risk of endpoint attacks.

The Barkly-sponsored study was sent to 665 IT and security workers. 54% of respondents said they had experienced at least one successful endpoint attack in the past year. Ransomware attacks are widespread. More than 50% of respondents said they had encountered at least one successful ransomware attack in 2017, while 40% of respondents said they had experienced more than one ransomware attack.

In some cases, groups pay the ransom to quickly regain access to their data, others have no alternative but to pay the ransom. 65% of surveyed firms reported that they had paid a ransom demand to regain access to their data. The average ransom payment was $3,675.

The danger posed by ransomware is unlikely to disappear. As long as the attacks are profitable, they will carry on. A recent report from Cybersecurity Ventures claims that global ransomware damages will reach $5 billion in 2017 and will increase to $11.5 billion in 2019. Putting those figures into perspective, the overall cost of ransomware attacks during 2015 was $325 million.

One of the most worrying endpoint security trends included in the recently issued Ponemon Institute report was fileless malware.  Fileless malware attacks have surged considerably in the past year. Out of all organizations that reported experiencing a minimum of one endpoint attack, 77% said at least one of those attacks included an exploit or fileless malware. Overall, 29% of organizations have encountered a fileless malware attack, an increase of 20% from last year. Ponemon also reports that fileless malware attacks are also 10 times more likely to succeed than other varieties of malware cyberattacks.

The cost of endpoint attacks is significant. On average, it costs $301 per worker to address an attack – or $5,010,600 per company, annually, on average. The healthcare sector alone has spent $1.3 billion in the past year addressing endpoint attacks. Those costs are broken down as 30% due to loss of productivity, 25% due to system downtime, and 23% due to theft of data assets.

Avoiding endpoint attacks is seen as a significant issue, with more than half of those surveyed (54%) not believing that endpoint attacks can actually be prevented. Antivirus solutions are required to stop malware infections, although they are not normally effective against current threats such as fileless malware.

“This survey reveals that ignoring the growing threat of fileless attacks could be costly for organizations,” commented Ponemon Institute Chairman and Founder Dr. Larry Ponemon. “The cost of endpoint attacks in the companies represented in this study could be as much as $5 million, making an enterprise-wise endpoint security strategy more important than ever.”

The vulnerabilities of AV software have led many firms to invest in new technologies such as endpoint detection and response measures, although those solutions do not stops attacks, only minimize the damage caused when they do happen.

50% of firms said they are planning to replace or augment their existing endpoint security systems with new tools, although many of those surveyed said they are having problems with endpoint security systems, such as a high false positive rate, complex management of the solutions, and even when solutions are implemented, there are many protection gaps.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy