• by Laurie Sullivan  @lauriesullivan, August 6, 2014

Hackers slipping malicious software into online advertisements and emails continue to create risks for consumers and brands. In fact, 91.7% of major brands fail to provide adequate email security, per an Online Trust Alliance study -- one of two released Wednesday suggesting that marketers are still losing the battle against malware and viruses embedded in content across the Internet. The other report from Cisco Systems attributes malvertising to the uptick.

A recent example points to reports that Russian hackers stole 1.2 billion unique username and password combinations, and more than 500 million e-mail addresses, reports The New York Times. Experts agree this situation is becoming increasingly common, unfortunately -- across a variety of media from social to email and search, along with publisher, retail, and brand sites.

The OTA's 2014 Email Integrity Audit report analyzed email campaigns from nearly 800 consumer Web sites and found that only 8.3% passed the audit, suggesting that companies protect the consumers visiting them; the remainder failed. The audit tracks the adoption of three critical email authentication standards aimed at improving the privacy of email communications in transit from one user to another.

OTA Executive Director and President Craig Spiezle believes that businesses and government agencies fail to adopt email and other online security practices fast enough, which puts consumers at risk for losing sensitive information like credit card numbers, social security numbers and identities.

A handful of government agencies and business continue to step up to protect consumers and site visitors. While the report doesn't list names, it runs through the percentages and the types of businesses doing the most to protect consumers. Those that have stepped up include 28% of the top 50 social media companies, 17% of the top 100 financial services companies, 14% of the top 100 Internet retail companies, 6% of the top 50 news companies, 6% of the top 500 Internet retailers, and 4% of the top 50 U.S. government agencies.

The Ponemon Institute estimates the average cost of a company's data breach at $5.4 million in 2014, up from $4.5 million in 2013, per the Cisco Systems 2014 Midyear Security Report released this week. The report also cites stats from the Cost of Cyber Crime and Cyber Espionage that estimates the U.S. economy loses $100 billion annually -- and as many as 508,000 U.S. jobs are lost -- because of malicious online activity.

Cisco points to malvertising as one reason for the increase as media and publishing sites attract more traffic from individuals across the globe. Cloud services supporting media and publishing sites hold the highest risk, followed by pharmaceutical and chemical, available, transportation and shipping, manufacturing, insurance, agriculture, professional services, and others like food and beverage, and retail.

iFrames and malicious scripts dominate for all industries, although malicious events across the U.S. Europe and Asia-Pacific appear to rely on exploits to target specific industries. In APJC, scams, phishing, and click-fraud are used to compromise the trust of users in the transportation and shipping industries -- whereas mobile Web malware remains low, for now, in all three regions, per Cisco's report.

"Paper note and fishing hook" photo from Shutterstock.