Knowledge is power, but ignorance is not bliss for companies facing cyber threats.

A lack of user knowledge about cyber security risk is the most likely avenue for a malware attack and the cause for most successful malware attacks, according to an article from eWeek.

A study from Enterprise Strategy Group (sponsored by Malwarebytes) revealed that “enterprise organizations are seeing an increase in more sophisticated malware, and they are making it a strategic priority to add layers of endpoint security to protect organizations against advanced zero-day and polymorphic threats,” the article says.

Each endpoint, the survey concludes, requires more than one layer of security, especially multiple layers of malware detection.

The ESG report found that the majority of respondents have seen a rise in more sophisticated and targeting malware attacks over the last 24 months. However, 62 percent of organizations surveyed say endpoint security software is not effective for detecting zero-day or polymorphic malware, leaving them vulnerable to such attacks, the article says.

On average, it took 57 percent of respondents hours to detect that an IT asset was compromised by malware. It took 19 percent of organizations several days to uncover an attack.

Twenty-nine percent of respondent organizations believe the increasing use of social networks is responsible for successful malware attacks.

In addition, eWeek reports, two-thirds of U.S.-based respondents do not believe the federal government is doing enough to help the private sector cope with current cyber threats, and 85 percent of IT security professionals have expressed concern about some type of massive cyber-attack that could impact critical infrastructure, the economy or national security.