Australian businesses mistakenly believe their networks and sensitive data are protected from Advanced Evasion Techniques (AETs), according to the latest McAfee report.
The report found 94 per cent of organisations globally think their company is protected against AETs.
However, there is confusion over what AETs actually are and how to protect against them.
AETs are methods of disguise used to enable malware to penetrate business networks undetected.
Using AETs, an attacker can split the components of a malware attack into pieces, allowing it to bypass a firewall or IPS appliance.
Once inside the network, the code reassembles to and continues its mission of collecting data, destroying networks and exposing company IP.
There are more than 800 million known types of AET and this number is quickly growing.
The industry is struggling to keep up with developing the signatures that would identify malware trying to enter the network undetected.
McAfee APAC CTO, Sean Duca, said businesses need to ensure their security solutions provide visibility into whether the business is protected.
“Australian businesses should expect more from their security provider, and demand more from the technology they already have,” he said.
“If their security solutions are not able to detect all types of attacks which disguise themselves and attempt to penetrate the network, or fully visualise the threat landscape, their data is at risk.
He said there was no easy answer for some vendors in the security industry.
“Finding AETs requires full-stack traffic analysis and normalisation, protocol by protocol,” he said.
“This deep inspection requires a great deal of processing power, which can negatively impact throughput performance of some network security solutions.
This would fundamentally mean security vendors would need to change the entire architecture of their solutions.”
McAfee's 'Security Industry’s Dirty Little Secret' report surveyed 800 CIOs and security managers from Australia, the United States, the United Kingdom, Germany, France, Brazil, and South Africa.
The report reveals there are misunderstandings, misinterpretation, and ineffective safeguards in use by businesses aiming to protect their sensitive data.
Fifteen per cent of Australian respondents said their company had experienced a breach in the past 12 months, below the global average of 22 per cent.
More than half of global respondents said that AETs posed an immediate and serious threat to their company and 69 per cent said AETs can already exploit known vulnerabilities.
This figure was lower in Australia at 59 per cent.
Globally, nearly 40 per cent of those breached believe that AETs played a key role in breaches over the past 12 months.