The security landscape is rapidly evolving, to the extent that today’s malware attacks are more frequent, devious and more targeted, thus successfully penetrating many businesses including those that consider their security strategies to be adequate. This according to Carey van Vlaanderen, CEO at ESET Southern Africa, who elaborates that hackers are now more methodical and flood targets with an overwhelming amount of new malware, using social media sites and bring your own device (BYOD) security loopholes to quickly distribute and execute attacks.
Van Vlaanderen warned that the explosive growth of mal- ware is fuelled by numerous factors – financial motivation, the availability of DIY virus modules, easier attack routes through social networks, and Bring Your Own Device (BYOD) devices in the workplace - all which present exploitation possibilities. Furthermore, companies need to be wary of fake antivirus, known as scareware, which imitates legitimate security products to trick users into giving up confidential information or buying rogue security software. Additionally cyber extortionists use ‘ransomware’ to lock users out of their own systems until they pay a ransom.
Exacerbating matters, she believes, is that many small and medium businesses (SMB’s) underestimate the security dangers they face in today’s threat environment. Many businesses have little training or understanding of laws governing how personally identifiable information should be encrypted, shared, or stored and lack policies ensuring their staff comply with those requirements.
These same businesses often rely on single-layer security solutions, such as standalone antivirus software, which leaves them open to attack if their defence is breached. Additionally, she warned that hackers are more likely than ever to target SMBs, hoping their lack of preparation and limited security expertise will make it easy to penetrate their systems and those of their business partners. Van Vlaanderen advised that SMB business owners should correct these vulnerabilities to keep themselves protected.
Foibles and flaws
Alas, SMBs make several security mistakes, the first of which is just relying on traditional antivirus. While traditional antivirus products compare the files on a user’s system to only a limited library of known bad signatures, these do not perform advanced heuristic analysis (examining the structure or behaviour of malicious code). Such security products have difficulty detecting malware that is released in many subtle variations or morph every few hours to evade signature-based detection.
Van Vlaanderen cautioned against another typical security mistake, of employing just one line of defence against malware such as antivirus, and failing to include an advanced firewall to block and flag suspicious network traffic. Furthermore, for companies that allow employees to BYOD, these personal devices can be an attack route into the corporate network if users download malware disguised as legitimate applications. Thus, being able to lock down specific USB ports is essential. Finally, she warned that social media access at work leaves businesses vulnerable to viral malware, particularly as attackers use the viral aspect of social media (and the unsuspecting and trusting nature of many users) to disseminate viruses globally.
“Just because you’re a small business does not mean you can’t be ruined by hackers. Protect your finances, your brand, your reputation, and your relationships with a security solution that protects you from today’s complex, fast-changing threats against SMBs,” she concluded.