Malware is one of the biggest security threats facing organizations and is often distributed by hackers with the intent of disrupting, damaging, or gaining unauthorized access to computer devices and networks. To make matters worse, cybercriminals are constantly finding better ways to deliver malicious code to exploit system vulnerabilities.
A recent study from Insights for Professionals, which surveyed 1,500 senior leaders across the UK and USA, identified that malware was the greatest challenge reported by 37% of Heads of Departments compared to just 12% of Directors.
Research from PurpleSec shows that there’s been an 800% rise in malware attacks, from 12.4 million in 2009 to 812.67 million in 2018. Additionally, AV-TEST reported a 29% increase from 1001.52 million in 2019 to 1290.89 million in 2021.
When COVID-19 impacted everyone worldwide in 2020, businesses were forced to adopt the cloud and implement remote systems and networks to support employees working from home. Although most companies were able to run remotely, threat actors were able to exploit their security vulnerabilities, leaving more businesses open to cyberattacks.
Deloitte identified that 1 in 4 (25%) workers had noticed an uptick in fraudulent emails, spam and phishing attempts since the COVID-19 crisis. Interpol detected around 907,000 spam messages, 737 malware incidents and 48,000 malicious URLs between January and April 2020. What’s more, Verizon’s 2021 report discovered that 85% of breaches involved human interaction and 36% of breaches involved phishing, which is 11% higher than 2020.
From encrypting, stealing or deleting sensitive data to hijacking or changing core system functions, it’s essential to keep a close eye on the different types of malware.
Not knowing how to protect your company against malware can have severe consequences. On average, data breaches cost companies $4.24 million per incident.
Here are some best practices and tips you can adopt right now.
Data loss is a massive concern for many organizations, with one study highlighting that 42% of IT professionals believe that ransomware brings the most risk.
Should your devices ever become infected, the likelihood of you getting your data back in one piece is very slim unless you pay the ransom. Although backups don’t provide that much protection, getting into the habit of regularly backing up your critical files locally and in the cloud will help you restore your systems after an attack and minimize downtime costs.
Not having antivirus protection on your work devices puts your users and the business at risk of being targeted by malicious actors. A modern antivirus solution secures your endpoints by detecting, blocking and removing malicious files. They also operate discreetly in the background and update themselves, offering real-time protection against the latest threats.
But with so many vendors offering similar products and features, which one should you choose? Here are some questions to help with that:
Asking these questions won’t only help you choose the right software, but it’ll also protect the business against the most sophisticated malware attacks.
Not updating your operating system, software, browser and plugins can pose a serious security risk. For example, a report from BeyondTrust highlighted that a record high of 1,268 Microsoft vulnerabilities was identified in 2020, which is 48% higher than the previous year. Meanwhile, another study found that Google products, like Chrome, recorded the most vulnerabilities (547) in the first half of 2021.
While software doesn’t guarantee complete protection against malware, most vendors regularly release updates and patches to fix existing security vulnerabilities or bugs. For example, Apple released an emergency security update in September 2021 across its devices to block zero-click spyware.
To reduce the likelihood of your systems becoming infected with malware, don’t ignore new software update notifications – act immediately.
Failure to secure your defenses and malware has the potential to spread rapidly across your network and disrupt the day-to-day running of the business. Consider network segmentation, which basically divides your network into smaller parts. Although it doesn’t prevent security attacks from taking place, segmentation will contain malware in one part of your network and stop it from impacting other systems.
Yes – employees still use weak and straightforward passwords according to the ‘Top 200 most common passwords’ report from NordPass. Some examples include:
To stop cybercriminals from breaking into your devices or apps, there are a few methods you can adopt to strengthen your defenses and curb the risk of malware attacks.
Get your employees into the habit of creating strong passwords and changing them regularly. A password that contains more than 12 characters – and uses a combination of lowercase and uppercase letters, special symbols and numbers – will make it more difficult for cybercriminals to crack. Also, refrain your workforce from reusing passwords across multiple accounts.
Despite the benefits of creating complex passwords for each account, most users will struggle to remember each one, so consider investing in a secure password manager to help users store and manage their credentials in a single encrypted location.
Research from Yubico shows that COVID-19 and the virtual workplace has driven most security professionals and businesses to multifactor authentication (MFA), with nearly three-quarters (74%) planning to increase their spending. Indeed, research from Microsoft suggests that MFA can block 99.9% of attacks and prevent cybercriminals from gaining unauthorized access by asking users to provide two or more verification factors to prove who they say they are.
People are without a doubt the weakest link when it comes to cybersecurity, and this is often due to the lack of training. A 2020 report from the Department for Digital, Culture Media & Sport found that only 1 in 9 companies (11%) have provided cybersecurity training to their employees.
Hackers utilize a range of social engineering tactics such as phishing to psychologically trick end-users into clicking on suspicious website links or giving away sensitive information. To reduce the risk of an attack, consider providing regular security awareness training. For instance, equipping your people with the knowledge and skills to recognize the tell-tale signs of phishing emails and running regular phishing tests will help them retain everything, which, in turn, will significantly reduce the chances of a costly data breach.
As hybrid working becomes more common, employees will have far more flexibility on which days they visit the workplace and which they work elsewhere. But should people choose to work in a café with free public Wi-Fi, this could pose a security risk to the business as malicious actors can monitor what employees send/receive and even distribute malware. To maintain high levels of security and privacy, consider setting up a VPN and highlighting the benefits of this technology to your users. In doing so, you’ll make it harder for hackers to access and steal sensitive business data.
Phishing emails are constantly being sent to employees, and all it takes is one click on a link or an attachment, and the malicious code is on your system. To make it more difficult for malicious actors to infiltrate your devices, consider implementing the principle of least privilege (PoLP), which addresses access control and limits the access rights of users to the bare minimum they require to do their job. By restricting a user’s ability to install software on work devices, PoLP can significantly help to prevent malware attacks.
As long as cybercriminals continue to find new and innovative ways to infiltrate your networks and devices, malware will always pose a threat. To avoid falling victim to malware attacks or mitigate those that are already on your devices or network, adopting some of the tips above will put you in a far stronger position.
This article was originally published here.