 | Issue: | Global 2012 |
| Article no.: | 15 | |
| Topic: | Growing threats to businesses | |
| Author: | Marcin Kleczynski | |
| Title: | CEO | |
| Organisation: | Malwarebytes | |
| PDF size: | 232KB |
About author
MarcinKleczynski is the CEO and founder of Malwarebytes.
Mr Kleczynski majored in Computer Science at the University of Illinois.
Article abstract
One of the biggest online threats is advanced malicious malware which can access company networks and steal sensitive data without being detected by anti-virus software. Companies need to ensure they are protected and take the correct steps or risk losing out to the cyber criminal.
Full Article
The harsh reality is that cyber crime is on the rise and businesses are becoming victims to these fraudsters. It is estimated that UK businesses lose £21billion a year to cybercrime and in 2011 alone the cybercrime industry generated globally £7.74 billion in revenues.
One of the biggest online threats is today’s more stealthy and advanced malicious malware, which can access company networks and steal sensitive data without being detected by anti-virus software. This kind of software is constantly morphing to stay undetected, which means it can spread faster than ever before.
Each new piece of malware is a point of risk and with around 50,000 variants released every day, many of these will have variations of the same attack that are auto-generated. It is therefore no wonder the level of attacks is rapidly increasing and resources are unable to cope.
Complexity
The past couple of years have seen increasing levels of complexity to the malware threat. This year alone we have not only seen the use of Remote Access Trojans (RATs) like Blackshades and DarkComet being used by the Syrian government to spy on rebels, but also the use of the Flame Trojan in Middle Eastern countries, a highly sophisticated piece of espionage malware which targeted Government facilities and officials.
It is only a matter of time before some of the techniques learned from cyberespionage make their way into commercial malware. Businesses present an easy opportunity to these criminals as they store a vast amount of valuable financial and other data on corporate networks. By compromising one machine, criminals can gain access to salary details, critical passwords, bank accounts, photos and sensitive company documents which can then be used to access money or sell on to the underground.
This is hard for IT directors for a number of reasons. Within this current economic climate, with budgets getting slashed, there are more pressures on their time than ever before. As technology plays an increasing role in our lives, the IT director has an ever-growing number of things to worry about. Nowhere is this truer than at SMEs, where stretched budgets and far less resource means less people have to do more. Such an environment doesn’t exactly breed either diligence or a need to stay abreast of breaking trends and threats.
This makes these companies highly susceptible targets to attack. Being able to stay on top of every emerging type of threat is a luxury which only the best-resourced IT director can afford. What needs to be taught and realised is that having anti-virus software installed is simply not enough and will not keep the business protected.
Unfortunately, the lack of prosecution means cybercriminals are largely getting away scot-free. Once more, for every criminal prosecuted there are hundreds more to take his or her place. These criminals are usually based abroad and it is difficult to tell where attacks come from. This inevitably means this problem is not going to go away and will simply increase with time.
Simple steps
This might all sound scary but there are simple steps employers and employees can do to keep themselves protected. Firstly, and most importantly, you should educate your employees; secondly, be strict as a company by limiting what employees have access to; and finally make sure you are using the right software.
Employee education is critical and can often be overlooked. The ignorance of users who click on things they shouldn’t is the most common way for companies to become infected. Even opening pop-ups or using personal USB sticks which might contain shared music has its dangers; they can be ridden with infection which will then slowly make its way around the network.
This can however be helped by limiting user access control; it is cheap and effective to set up an allow list of websites and block the rest in the browser. By giving employees as limited privilege as you think is needed to complete the job efficiently will ensure that their computers will stay ridden free.
Finally businesses should take the time to look at the technology which they are using. As previously mentioned using anti-virus software is simply not enough and extra steps must be taken to layer protection. The majority of anti-virus products were designed 10-15 years ago and while still effective, they aren’t specifically designed to stop the latest breed of criminal software.
In conclusion, it is safe to say malware will continue to evolve into more powerful and dangerous forms as the influence of technology in the workplace increases. The threat is growing to businesses and unfortunately the majority often think they are protected when they actually aren’t. Once more this is becoming more common as malware is turning more advanced. Companies need to ensure they are protected and take the correct steps or risk losing out to the cybercriminal.
