While employees may get the brunt of the blame for security breaches, company leaders are doing their fair share of damage as well, a new study finds.

Research from ThreatTrack Security revealed that 40% of security professionals found that a device used by a member of their company's senior leadership team had been infected by malware because of a visit to a pornographic website, and nearly 60% of the security professionals surveyed have cleaned malware from a device after an executive clicked on a malicious link or was duped by a phishing email.

In addition, 45% of respondents said they have found malware on a senior leader's device because the executive allowed a family member to use it, and one-third of security professionals have discovered malware on an executive's mobile devices because the executive installed a malicious app.

Despite numerous reports of high-profile security breaches, the majority of businesses aren't disclosing when one occurs. The study shows that nearly six in 10 malware analysts reported they have investigated or addressed a data breach that was never revealed by their company.

ThreatTrack CEO Julian Waits Sr. said that while it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring.

"Every day, malware becomes more sophisticated, and U.S. enterprises are constantly targeted for cyberespionage campaigns from overseas competitors and foreign governments," Waits said. "This study reveals that malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyberattacks, they also point out deficiencies in resources and tools."

The research shows that most security professionals don't believe they have enough help dealing with the problems they face. In fact, 40% of those surveyed said one of the most difficult aspects of defending their organization's network was a dearth of highly skilled security personnel on staff. The complexity of malware, the volume of malware and the ineffectiveness of anti-malware solutions are other top problems these professionals have in protecting their organization from security breaches.

Cleaning up malware from a company device or network is no small task. The research found that more than half of all malware analysts said it typically takes them more than two hours to analyze a new malware sample, with only 4% saying they are capable of doing it in less than an hour.

The study was based on surveys of 200 security professionals at large U.S. businesses.


This article was originally published at BusinessNewsDaily.