Is Your Anti-Virus Doing Its Job?

Uploaded on 2022-07-28 in TECHNOLOGY--Resilience, FREE TO VIEW

Every day, new malware and other online threats emerge. In fact, the AV-Test Institute registers over 380,000 new pieces of malware and potentially unwanted applications (PUA) every day.

The 2022 report from the Department for Digital, Culture, Media & Sport ‘Cyber Security Breaches Survey’ reveals that bad actors are still largely targeting people, instead of infrastructure. For those medium and large businesses that identified an attack, the most common threat vectors were phishing attempts (94%) and impersonation campaigns (63%).

However, Digital Pathways research shows that many mid-market businesses do not believe their current cybersecurity strategy is future ready.

Phishing campaigns are evolving, and cyber criminals are getting increasingly sophisticated, often using relevant news and trends as click bait. COVID-19, humanitarian efforts in Ukraine and even popular, sporting events, have all been used to lure victims into clicking a malicious link or opening a corrupted attachment on email.
Some operating systems are much more susceptible to viruses than others, with Windows coming in first, with 87% of ransomware targeted at Windows computers.

In a world where cyber attacks are growing, traditional anti-virus solutions are simply not enough. As confidence in detection-based protection is declining and given remediation even for a single threat is increasingly costly, now is the time to introduce more preventive anti-malware solutions.

This is supported by a recent study by the Ponemon Institute on the state of endpoint security risk, where they found that only 27% of respondents thought that traditional anti-virus solutions were sufficient for new and unknown threats.

The reality is, with our increased reliance on being connected to the web, combined with the rapid expansion of malware, it is becoming harder to prevent devices from getting infected. That means, if you are relying on anti-virus software alone to secure your PC, you do not have enough protection against the growing number of threats. There are too many threats to defend against!

Standard anti-virus software is effective against most known threats. But there are also unknown risks to add into the equation, and this is where they fail. AV engineers need time to understand a new virus and then add the fix to their software which can take days to do. Then a further delay happens as IT teams often do not update immediately. Thus, an update could take a week to be implemented which, in virus terms, is ample time to spread.

Something as seemingly harmless as a web page can be a way for malware to get into your system, simply by visiting them. These typically come from clicking malicious ads, known as malvertising attacks, they land on a page that could download a file or execute a web script that compromises your system.

Given the findings that many companies do not have a clear strategy for tackling these attacks, and where they do, the process is disjointed or out of date, what can an organisation do?

  • Start by taking back control and protecting users from traditional email threats including spam, viruses, large-scale phishing attacks and malicious URLs.

To do this, ensure your solution can address both known viruses, and fileless attacks, such as those coming from websites or, brand-new viruses which have yet to be diagnosed by the AV vendors.

  • Secondly, close any gaps in existing security postures by integrating attack intelligence across email, web, and cloud, using identity and context.

This is about looking at the bigger picture and ensuring bad code is not already in the network, waiting for the trigger to be pulled. Use behavioural analytics, the more granular your data, the better the understanding of what constitutes normal activity, enabling anything unusual to be flagged for review.

  • Thirdly, prevent cross-channel attacks with an autonomous security engine that can respond to any threats at machine-speed.

This helps ensure that when an attack is seen in one location, for example a device within the network or a rogue weblink, all connected devices and services within the organisation are protected by machine level alerts, which contain the outbreak or remove the weblink by filtering from any other user. Remember ransomware tactics are diversifying and can strike at weekends or holidays when fewer IT security staff will be on duty.  This calls for an AI level of monitoring and response.

  • Finally, run regular phishing simulations which are a good way to keep employees sharp, particularly live tests and never underestimate the insider threat.

It is a fact that AV alone is not good enough, and an organisation needs to take a broad approach to stopping bad code entering the network.

Clearly user education is a good starting point, but on its own the company will still suffer a breach, no matter how diligent users are.

Today, the attack surface is so wide that what is needed, is a consolidated solution that covers email, websites, and active content scanning, built around an AI driven intelligent process of detection, containment and remediation, as we are now beyond the ability of most IT teams to fully understand what the attack vector is.

Colin Tankard is Managing Director of Digital Pathways

You Might Also Read:

Never Trust Anything Again - The Zero Trust World:

 

« A Major Skills Training Initiative From (ISC)2
How IAST Improves Application Security & Six Steps to Effective Deployment »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Landry & Associates

Landry & Associates

Landry & Associates is a multidisciplinary firm specializing in risk management, performance and technology management.

SCADAhacker

SCADAhacker

SCADAhacker provides mission critical information relating to industrial security of SCADA, DCS and other Industrial Control Systems.

Guardtime

Guardtime

Guardtime's Black Lantern platform provides real-time cybersecurity and data-centric asset protection.

Conference-Service

Conference-Service

Conference-Service provides a categorised calendar of conferences and events, including Information Security & Privacy.

Skkynet Cloud Systems

Skkynet Cloud Systems

Skkynet is a leader in real-time data systems for the secure management and control of industrial processes (SCADA) and embedded devices (M2M).

Simula Research Laboratory

Simula Research Laboratory

Simula Research Laboratory carries out research in the fields of communication systems, scientific computing and software engineering.

Logz.io

Logz.io

Logz.io is an AI-powered log analysis platform that offers the open source ELK Stack as a enterprise-grade cloud service with machine learning technology.

OneVisage

OneVisage

Our award-winning 3DAuth digital identity platform turns any consumer mobile device into a real-time 3D facial scanner that securely authenticates the user in seconds.

WetStone Technologies

WetStone Technologies

WetStone develops software solutions that support investigators and analysts engaged in eCrime Investigation, eForensics and incident response activities.

Digital Magics

Digital Magics

Digital Magics is an incubator for innovative startups which offer content and services with high technological value. Areas of focus include IoT, Enterprise Software, AI, Industry 4.0 and Blockchain.

Thrive

Thrive

Thrive delivers the experience, resources, and expertise needed to create a comprehensive cyber security plan that covers your vital data, SaaS applications, end users, and critical infrastructure.

Envieta

Envieta

Envieta is a leader in cryptographic solutions. From server to sensor, we design and implement powerful security into new or existing infrastructure.

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group, Ltd. (STIGroup) is an innovative firm that provides CyberSecurity consulting, secure IT engineering, managed security services, and human capital solutions.

Netpoleon Group

Netpoleon Group

Netpoleon is a leading provider of integrated security, networking solutions and value added services.

CliftonLarsonAllen (CLA)

CliftonLarsonAllen (CLA)

CLA exists to create opportunities for our clients through industry-focused advisory, outsourcing, audit, tax, and consulting services.

GeoEdge

GeoEdge

GeoEdge is the premier provider of ad security and quality solutions for the online and mobile advertising ecosystem.