ThreatTrack research finds enterprises are losing ground in the defense against APTs
New research from cyber security firm ThreatTrack Security has found that enterprises are losing ground when it comes to defending themselves from advanced persistent threats (APTs).
The research, which involved a blind survey of 200 security professionals dealing with malware analysis, found that 80 percent of those surveyed report that defending their networks has become more difficult or is at the same level of difficulty as in 2013, when the survey was last taken, an increase of 30 percent.
A lack of time was nominated as an ongoing problem, with 53 percent saying that it now takes longer than two hours to analyze new malware samples, whereas only 5 percent said they could do so in under one hour.
Only 17 percent of respondents utilize a standalone malware analysis sandbox, despite it decreasing the time needed to analyze malware samples, while 45 percent rely on an “integrated malware analysis feature within existing defenses,” and 21 percent turn to a “mix of specialized tools.”
Despite the increasingly complicated threat environment, 34 percent of respondents said they did not have enough budget for the right tools to do the job, up from 18 percent in 2013, while 37 percent said that they lack enough skilled staff to do the job properly.
Challenges were nominated as the complexity of malware (56 percent), volume of malware (47 percent), over-alerting by threat prevention tools (35 percent), and the inability to correlate data or threat intelligence to specific attacks (24 percent).
In one bright spot in the survey, respondents reported fewer cases of being asked to remove malware from devices used by their senior leadership team, with infections from pornographic websites down to 26 percent from 40 percent in the previous survey, infections from family members down to 26 percent versus 40 percent, and infections from attached devices such as USB keys down to 30 percent versus 45 percent.
Despite ample education campaigns, executives are apparently not getting the messaging on phishing emails, with cases up to 59 percent versus 56 percent.
Reflecting the industry as a whole, the levels of breach disclosure have rapidly changed, with only 11 percent of respondents saying they have investigated a data breach that was not disclosed to customers, partners or other stakeholders versus 57 percent in 2013.
“With high-profile data breaches emerging one after the other, growing security accountability within enterprises and the exponential growth in cybersecurity investments, the last two years have been transformational for the security industry,” ThreatTrack President John Lyons said in a statement sent to SiliconANGLE. “But despite access to more tools, security analysts – the most critical resource within an enterprise’s cyber defense – remain ill-equipped, underfunded and understaffed in their daily battle against advanced malware.”
A full copy of the report is available from the ThreatTrack site here.