There are so many ways that cyber-criminals can gain access and wreak havoc on a system. And even though each cyber-criminal has their preference, they almost never accomplish their goal without the use of some sort of malware.
Whether it be self-created, modified or purchased, cyber-criminals see malware as a tool to get the job done. It ranges from viruses that disable functionality, to Trojan horses relaying information, to bot-nets creating a digital army of zombie computers waiting for their next command. Malware can help automate a cyber-criminal's tasks and attacks to yield better results in less time. So when you come to think of it, who wouldn't want a collection of tools to make their work easier?
A recent report from Kaspersky Lab stated that they are detecting an average of 312,000 malicious files per day, a number so high that it seems ridiculous and possibly falsified to scare people. Unfortunately it's not, and the number is rising. In 2013, McAfee reported 100,000 per day and Panda Security reported 160,000 per day in early 2014. With the number constantly on the rise, proper malware protection is more critical than ever.
Because of what seems to be an exponential growth in malicious files, there is a debate in the security community over whether Anti-virus software is still a good solution to battle malware. Though in the traditional sense (using solely an infection's signature) it may no longer be, Anti-virus software isn't dead. Many security software companies have now built their solutions to do far more than they did just 5 years ago. Most top Anti-virus solutions come with a built-in HIDS (host-based intrusion detection system), Firewall, Anti-Phishing, Anti-Spam and even an Exploit blocker. Years ago, achieving this modern level of protection required purchasing two or more other products.
Client Incident Response Report:
In early spring of 2014 one of our clients was hit by two instances of the infamous crypto virus on the same day. Though they were able to recover all their data going back to earlier that day (thanks to a proper backup solution), they found themselves unable to work for a few hours.
During that time frame I (the on-site engineer) contacted their current Anti-virus software provider for assistance and was met with an unfortunate lack of effort. When that avenue didn't bear fruit, I sent out an email to all users asking for anyone with signs of the ransom note (generally associated with crypto virus infections) to report it immediately. No one responded. I then went from PC to PC searching for the machine that caused the problem. Once found, the machine was removed from the network. However, I didn't stop there. I continued searching and found another instance of the infection that had not yet completed its encryption; that machine was also removed. Once all machines were checked, I was able to restore data to its previous state knowing that the infection wouldn't show up again in the near future.
After that incident, I decided that the current solution was no longer adequate to protect this client's data. After days of research and a risk assessment, the client and I switched Anti-virus software providers to a more robust solution that offers all the previously mentioned features and a few others that are currently in place to better protect the client. The client has also undergone security awareness training for its entire staff that included guidelines on what actions to take when they are faced with a potential threat to the company's data. Since that time the client has not had an outbreak of that magnitude (beyond single PC infections), as we are now able to better manage potential threats with constant reporting on detected infections and PC vulnerabilities.
What you need to protect your data from malware:
When it comes to protecting data from malware there isn't a one-size-fits-all solution. Some solutions can cost significantly more than others, and your company may only value half of their capabilities. This is an area where performing a risk assessment is key to budgeting for your Anti-virus protection. This is also where you should most consider a Defense in Depth strategy of providing multiple layers of security in case one layer fails. This could mean adding an Anti-virus solution that also does Spam filtering and email attachment scanning to supplement the cloud Spam protection you may already have. You should also consider host-based vulnerability scanning, to know where the software weaknesses are on your PCs at any given time, and a policy prohibiting software that is either unapproved or non-business related from ever being installed on your computers.
Luckily you have plenty of options and solutions for protecting your data from malware; you just need to take the proper steps to implement the correct solution for your business.