With malware attacks on the rise in all parts of the industry, and the growth of enterprise mobility practices such as BYOD on the increase, it seems a good time to publish a primer on the subject, covering what threats to expect and how to guard against them.
Malware: The Basics
Malware is on the rise, with 28.4 million1 cyber attacks involving financial malware in 2013 alone. But what is it?
Malware is software code specifically designed to disrupt, damage or invade a computer system, most commonly for monetary profit or to access sensitive information. Some malware, such as viruses, infects all systems with which it comes into contact and spreads either by automatically installing and running itself on the host system or by actively transmitting itself over a network. Other malware, such as “Trojans”, includes software which is designed to remain concealed, monitoring and accessing your private data, such as bank details, etc.
The most obvious point of danger within a business is your server and the data it holds, and the risk of the dreaded “data breach”. Understanding how malware works and is used is the first step towards improving detection and preventing threats.
Attacks via the internet are increasing every year, and don’t discriminate between multinationals and small businesses. If a hacker can find a way to infiltrate malicious code into your server and access files or log information exchanges, they have ready access to sensitive information such as customer data, credit card information, passwords and more.
Exposing client or customer data in this way can lead not only to legal action and lost business with the customer themselves, but also significant impact on the organisation through reputational damage and loss of credibility with the market – and that’s apart from the direct costs of additional labour charges, compensation and hardware and software repairs.
While some malware can attack and disrupt your server, other code is designed to attack your customers directly via, for example, spam emails or pay-per-click advertising. Phishing attacks are becoming more effective through the use of social media, as hackers learn to customise their malware and target their victims more successfully.
More importantly for larger organisations, malware can be placed on your website which instantly downloads to a customer’s device whenever they visit your page, or redirects them to another site which contains a concealed infection.
Smartphones and tablets are increasingly being targeted by hackers, especially Android devices who attracted 98.05%2 of all detected infections in 2013. The growth of mobility within the enterprise in general, and BYOD in particular, is particularly significant, bringing with it a plethora of devices and operating systems which make it increasingly difficult for the IT Dept to monitor threats and take pre-emptive action. In the absence of central policies and enforceable procedures, users struggle to keep their anti-virus and security software up to date, while companies put off urgent patch upgrades in order to minimise disruption to the business. With so many new platforms and IT struggling to cope, hackers are constantly finding new openings.
Keeping your staff fully up to date on the risks of malware and phishing attacks is key, so they understand the company security policy and the importance of regularly scanning their devices for vulnerabilities and possible infection. Regular scans of the company and, where hosted internally, website servers are equally important, to detect concealed infections which are quietly stealing information in the background.
With such a playground for hackers to enjoy, guarding your personal device and/or those of your company can be extremely challenging. Security is paramount and the repercussions of neglecting device protection can have serious consequences for your business. Updating security software and running regular checks seems simple when it’s just a few people, but when the company is global or includes tens of thousands of employees, higher level protection solutions are required.
Malware’s purpose is to compromise the functionality of your IT and communication systems, and exploit or compromise the data held within those systems for the publisher’s – or, in some cases, the publisher’s own client’s – commercial or strategic gain.
Hackers are constantly evolving their code to slip past the barriers erected to keep them out. The only solution is constant vigilance, coupled with regular anti-malware updates and thorough checks of the business’ servers and the systems connected to them, either directly over the corporate network or remotely via the internet. With the growth of BYOD, the need is even greater for the organisation to have in place proper Enterprise Mobility Management (EMM) and Mobile Device Management (MDM) policies, together with adequate monitoring and enforcement procedures.
Anything less puts your business, your data and your customers at risk.
Thanks to Emma Griffin for the post !