That is indeed a large number.
There are different ways malware can be introduced into a system but again the Verizon breach report states that direct installation of malware by a hacker who has gained access to a system is most common and they found it to be the best way. Once in, hackers own the system and it is a sure way of them remaining there to attack the system.
Malware actions include the following:
Check your current antivirus product to verify that it protects against all types of malware – not just viruses and if not, get a centrally deployed and managed antimalware solution to augment its protection. Omega solutions pay particular attention to the use of anti-malware in your systems. It is an add-on module that is subscription-based. If you need help, call on Omega ATC at 636-557-7777 or email email@example.com.