Malware is one of the biggest security threats facing organizations and is often distributed by hackers with the intent of disrupting, damaging, or gaining unauthorized access to computer devices and networks. To make matters worse, cybercriminals are constantly finding better ways to deliver malicious code to exploit system vulnerabilities. A recent study from Insights for Professionals, which surveyed 1,500 senior leaders across the UK and USA, identified that malware was the greatest challenge reported by 37% of Heads of Departments compared to just 12% of Directors. How has malware evolved over the years? shows that there’s been an 800% rise in malware attacks, from 12.4 million in 2009 to 812.67 million in 2018. Additionally, reported a 29% increase from 1001.52 million in 2019 to 1290.89 million in 2021. Research from PurpleSec AV-TEST When COVID-19 impacted everyone worldwide in 2020, businesses were forced to adopt the cloud and implement remote systems and networks to support employees working from home. Although most companies were able to run remotely, threat actors were able to exploit their security vulnerabilities, . leaving more businesses open to cyberattacks identified that 1 in 4 (25%) workers had noticed an uptick in fraudulent emails, spam and phishing attempts since the COVID-19 crisis. detected around 907,000 spam messages, 737 malware incidents and 48,000 malicious URLs between January and April 2020. What’s more, discovered that 85% of breaches involved human interaction and 36% of breaches involved phishing, which is 11% higher than 2020. Deloitte Interpol Verizon’s 2021 report Six common types of malware From encrypting, stealing or deleting sensitive data to hijacking or changing core system functions, it’s essential to keep a close eye on the different types of malware. – Among one of the most profitable malware types, hackers typically employ ransomware to encrypt sensitive files – preventing users from accessing them – and often demand a ransom payment in exchange for the decryption key. For example, the in May 2017 affected around a quarter of a million computers worldwide. Hackers initially demanded around $300 in bitcoins and then increased the ransom to $600. Ransomware WannaCry ransomware attack – Adware presents unwanted ads on your computer or mobile device. Not only are they very intrusive, but this form of malware does have the potential to become malicious. Adware – Once executed by a user, a virus can duplicate itself and spread quickly from one device to another, causing significant damage. Virus – Arguably one of the most dangerous types of malware, worms can duplicate themselves and spread to other devices without being attached to software or executed by a user. Worms – A Trojan horse often disguises itself as a legitimate file or program and tricks users into downloading it. Once installed, it can give hackers the ability to launch more attacks, alter files, steal sensitive information and more. Trojan Horse – Cybercriminals use spyware to monitor and record users’ keystrokes without their knowledge to seize things like passwords, payment details and more. Spyware How to prevent malware attacks from hurting your organization Not knowing how to protect your company against malware can have severe consequences. On average, data breaches cost companies . $4.24 million per incident Here are some best practices and tips you can adopt right now. 1. Back up your data frequently Data loss is a massive concern for many organizations, with one study highlighting that believe that ransomware brings the most risk. 42% of IT professionals Should your devices ever become infected, the likelihood of you getting your data back in one piece is very slim unless you pay the ransom. Although backups don’t provide that much protection, getting into the habit of regularly backing up your critical files locally and in the cloud will help you restore your systems after an attack and minimize downtime costs. 2. Install modern antivirus software Not having antivirus protection on your work devices puts your users and the business at risk of being targeted by malicious actors. A modern antivirus solution secures your endpoints by detecting, blocking and removing malicious files. They also operate discreetly in the background and update themselves, offering real-time protection against the latest threats. But with offering similar products and features, which one should you choose? Here are some questions to help with that: so many vendors What does the antivirus cover include and does it provide comprehensive protection? Does the software offer additional features such as anti-spyware, next-gen firewalls and email gateways? Will it operate on our operating system? Is it compatible across all devices? Does it come with 24/7 technical support? Asking these questions won’t only help you choose the right software, but it’ll also protect the business against the most sophisticated malware attacks. 3. Regularly update your software Not updating your operating system, software, browser and plugins can pose a serious security risk. For example, a highlighted that a record high of 1,268 Microsoft vulnerabilities was identified in 2020, which is 48% higher than the previous year. Meanwhile, found that Google products, like Chrome, recorded the most vulnerabilities (547) in the first half of 2021. report from BeyondTrust another study While software doesn’t guarantee complete protection against malware, most vendors regularly release updates and patches to fix existing security vulnerabilities or bugs. For example, in September 2021 across its devices to block zero-click spyware. Apple released an emergency security update To reduce the likelihood of your systems becoming infected with malware, don’t ignore new software update notifications – act immediately. 4. Use network segmentation Failure to secure your defenses and malware has the potential to spread rapidly across your network and disrupt the day-to-day running of the business. Consider network segmentation, which basically divides your network into smaller parts. Although it doesn’t prevent security attacks from taking place, segmentation will contain malware in one part of your network and stop it from impacting other systems. 5. Deploy secure authentication methods Yes – employees still use weak and straightforward passwords according to the ‘ ’ report from NordPass. Some examples include: Top 200 most common passwords 123456 123456789 12345 qwerty password To stop cybercriminals from breaking into your devices or apps, there are a few methods you can adopt to strengthen your defenses and curb the risk of malware attacks. Encourage stronger passwords or consider a password manager Get your employees into the habit of creating strong passwords and changing them regularly. A password that contains more than 12 characters – and uses a combination of lowercase and uppercase letters, special symbols and numbers – will make it more difficult for cybercriminals to crack. Also, refrain your workforce from reusing passwords across multiple accounts. Despite the benefits of creating complex passwords for each account, most users will struggle to remember each one, so consider investing in a to help users store and manage their credentials in a single encrypted location. secure password manager Implement multifactor authentication (MFA) shows that COVID-19 and the virtual workplace has driven most security professionals and businesses to multifactor authentication (MFA), with nearly three-quarters (74%) planning to increase their spending. Indeed, research from Microsoft suggests that MFA can and prevent cybercriminals from gaining unauthorized access by asking users to provide two or more verification factors to prove who they say they are. Research from Yubico block 99.9% of attacks 6. Educate your employees People are without a doubt the weakest link when it comes to cybersecurity, and this is often due to the lack of training. A found that only 1 in 9 companies (11%) have provided cybersecurity training to their employees. 2020 report from the Department for Digital, Culture Media & Sport Hackers utilize a range of social engineering tactics such as phishing to psychologically trick end-users into clicking on suspicious website links or giving away sensitive information. To reduce the risk of an attack, consider providing regular security awareness training. For instance, equipping your people with the knowledge and skills to recognize the tell-tale and running regular phishing tests will help them retain everything, which, in turn, will significantly reduce the chances of a costly data breach. signs of phishing emails As hybrid working becomes more common, employees will have far more flexibility on which days they visit the workplace and which they work elsewhere. But should people choose to work in a café with free public Wi-Fi, this could pose a security risk to the business as malicious actors can monitor what employees send/receive and even distribute malware. To maintain high levels of security and privacy, consider setting up a VPN and highlighting the benefits of this technology to your users. In doing so, you’ll make it harder for hackers to access and steal sensitive business data. 7. Adopt the least privilege model Phishing emails are constantly being sent to employees, and all it takes is one click on a link or an attachment, and the malicious code is on your system. To make it more difficult for malicious actors to infiltrate your devices, consider implementing the principle of least privilege (PoLP), which addresses access control and limits the access rights of users to the bare minimum they require to do their job. By restricting a user’s ability to install software on work devices, PoLP can significantly help to prevent malware attacks. Final thoughts As long as cybercriminals continue to find new and innovative ways to infiltrate your networks and devices, malware will always pose a threat. To avoid falling victim to malware attacks or mitigate those that are already on your devices or network, adopting some of the tips above will put you in a far stronger position. This article was originally published . here

Apple

Google

Microsoft

2022 - HackerNoon Contributor of the Year - Cloud Computing

Nominated for 2022 - HackerNoon Contributor of the Year - Cloud Computing

Too Long; Didn't Read

Questions about cloud security? Get answers here.

7 Ways to Prevent and Mitigate Malware Attacks

Too Long; Didn't Read

Companies Mentioned

Aikma

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

7 Ways to Prevent and Mitigate Malware Attacks

Too Long; Didn't Read

Companies Mentioned

Aikma

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES