Today, malware attacks are more frequent, devious and more targeted, successfully penetrating many businesses that consider their security strategies to be adequate, says Carey van Vlaanderen, CEO ESET Southern Africa. Businesses should be aware that your security system from last year may not be protected from today’s most common malware.
These days hackers are more methodical and flood targets with an overwhelming amount of new malware, using social media sites and “bring your own device” security loopholes to quickly distribute and execute attacks.
Fake antivirus known as “scareware” imitates legitimate security products to trick users into giving up confidential information or buying rogue security software that does not work. Cyber extortionists use “ransomware” to lock uses out of their own systems until they pay a ransom – and then refuse to ante up.
If your security has not kept up with the latest cybercrime developments you could be facing avoidable risks without realising it. The explosive growth of malware is fueled by numerous factors – financial motivation, the availability of DIY virus modules, easier attack routes through social networks, and BYOD devices in the workplace – all which present exploitation possibilities.
Many small to medium businesses (SMBs) underestimate the security dangers they face in today’s threat environment. Many businesses have little training or understanding of laws governing how personally identifiable information should be encrypted, shared, or stored and lack policies ensuring their staff complies with those requirements.
These same businesses often rely on single-layer security solutions, such as standalone antivirus software, which leave them open to attack if their defense is breached. Hackers are more likely than ever to target SMBs, hoping their lack of preparation and limited security expertise will make it easy to penetrate their systems and those of their business partners. SMB business owners should correct these vulnerabilities to keep themselves protected.
Reliance on signature databases, not heuristics
A fundamental flaw is that many traditional antivirus products compare the files on a user’s system to only a limited library of known bad signatures, or look for only exact matches with such signatures.
Many that do not perform advanced heuristic analysis (examining the structure or behaviour of malicious code) have difficulty detecting malware that is released in many subtle variations or morph every few hours to evade signature-based detection, a common practice for today’s developer.
Only one line of defense against malware
Many SMB security plans are comprised of only a single product, usually antivirus, and do not include an advanced firewall to block and flag suspicious network traffic or have separate protection for other endpoints such as emails and servers.
Furthermore, for companies that allow employees to BYOD, these personal devices can be an attack route into the corporate network if users download malware disguised as legitimate applications, or fail to run antivirus software at all. Having the capabilities to lock down specific USB ports is essential.
Social media access at work leaves businesses vulnerable to viral malware
Attackers are using the viral aspect of social media (and the unsuspecting and trusting nature of many users) to speed viruses around the globe more quickly than ever. By convincing one user to share an infected file with their network (or simply crack the credentials for an account), attackers can exploit personal connections for profit.
Even if your security is only a few years old, you may be a target. Just because you’re a small business does not mean you can’t be ruined by hackers. Protect your finances, your brand, your reputation, and your relationships with a security solution that protects you from today’s complex, fast-changing threats against SMBs.