Having an antivirus is not enough

“Antivirus is dead!” 

This was the headline of a 2014 story in PC World about comments made by leaders of McAfee and Symantec. That statement is even more true today.

A June 2018 report found that traditional antivirus (AV) software detects only half the threats. Unfortunately, if you are still using traditional AV, your company may be unprotected both from older viruses and today’s more sophisticated malware.

With cybercrime exploding worldwide, it may be a good time for you to ask an IT professional to complete a basic security check to see if your AV is working correctly.

What’s wrong with traditional AV software? 

Traditional AV doesn’t actually inspect a potential virus. Instead, it checks to see whether a virus’s signature is found in definition files stored on your computer, phone or other device. If your AV doesn’t find a virus signature, it assumes no virus is present and allows a connection to access your devices and network.

There are two reasons why your device wouldn’t detect a virus’s signature:

  1. The definition files in your system aren’t up to date. Before a new threat gets into your definition files, it must be identified by security professionals, a US government database has to post it, and your AV software provider must produce an updated definitions file for download. This process can take days or months, depending on the virus.
  2. The bug is a new (zero-day) threat. Traditional AV software was designed when life was much simpler. Now viruses are only one of more than eight different types of malware. Older, signature-based antivirus software doesn’t detect many of the newer threats.
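The two gaps listed above can be shown in a few lines. This is an added example, not code from the original article or from any AV product: signatures are modeled as whole-file SHA-256 hashes (a simplification), and every sample, name and date is constructed.

```python
import hashlib
from datetime import date

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless byte strings standing in for files on disk.
KNOWN_SAMPLE = b"constructed sample A - placeholder bytes"
NEWER_SAMPLE = b"constructed sample B - placeholder bytes"
MODIFIED_SAMPLE = KNOWN_SAMPLE + b"\x00"  # sample A with one byte appended

# Hypothetical vendor feed: signature -> (name, date the definition shipped).
VENDOR_FEED = {
    sha256(KNOWN_SAMPLE): ("Sample.A", date(2020, 10, 1)),
    sha256(NEWER_SAMPLE): ("Sample.B", date(2020, 10, 20)),
}

def local_definitions(last_update: date) -> dict:
    """Definitions held by a device that last updated on `last_update`."""
    return {sig: name for sig, (name, shipped) in VENDOR_FEED.items()
            if shipped <= last_update}

def scan(data: bytes, definitions: dict):
    """Return the matched name, or None (which the scanner treats as clean)."""
    return definitions.get(sha256(data))

def definitions_stale(last_update: date, today: date, max_age_days: int = 1) -> bool:
    """The basic health check: are the local definitions older than allowed?"""
    return (today - last_update).days > max_age_days

if __name__ == "__main__":
    today = date(2020, 10, 25)
    for label, updated in (("stale", date(2020, 10, 5)), ("current", today)):
        defs = local_definitions(updated)
        print(label, "definitions, stale =", definitions_stale(updated, today))
        for name, data in (("A", KNOWN_SAMPLE), ("B", NEWER_SAMPLE),
                           ("A modified", MODIFIED_SAMPLE)):
            print(f"  sample {name}: {scan(data, defs) or 'no match, allowed'}")
```

With stale definitions, sample B passes as clean even though the vendor already knows it; with current definitions, the modified copy of sample A still passes because its hash appears in no definition file.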

Why should you be concerned?

A brief example can help you better understand today’s threats.

Most successful attacks (over 90%) come from emails. Many spam and phishing emails and attachments contain malicious links to malware sources, and people surfing websites can download malware from malicious weblinks pretty easily.

Also, most attacks today don’t rely on a single action or just one type of malware. Instead, cybercriminals string together multiple methods and different malware tools into what cybersecurity professionals call a “kill chain.”

Ransomware attacks use kill chains to penetrate IT networks to install encryption that locks IT devices and freezes data files. A dangerous example currently sweeping the world combines a Trojan horse (TrickBot), a loader (BazarLoader) and a ransomware program called Ryuk.

Once this noxious cocktail gains access to just one of your devices, it can spread throughout your network, infecting as many points as it reaches. October’s news is full of stories about Ryuk’s devastating effects.

So, how can you protect your organization from cybercrime?

Cybercriminals typically demand Bitcoin ransoms up to $500,000 to remove malware and return control of your data. If your business gets hit, you can either pay the ransom or have a security pro attempt to remove the malware and recover your data (if the cybercriminal has not erased it).

Unfortunately, a recent study found that 46% of small businesses experienced ransomware attacks and 73% paid ransoms. However, paying ransoms only works about 30% of the time. So, what can you do?

There is no single solution. Security requires a multi-layered approach to defend against so many diverse threats. However, a security professional can help you analyze your IT network and develop a configuration that’s right for you.

At IT Architechs, we perform a security analysis, which includes answering the basics like:

  • Are your current antivirus software and definition files updated and working properly?
  • Do your procedures ensure your data is backed up and stored securely?
  • Are your firewalls and other security tools working properly?

After review, our security professionals may recommend additional protections to keep up with the evolving threat landscape. These may include:

  • Different or expanded AV and firewall software.
  • Endpoint detection and response (EDR) software to extend security protections out to each computer, tablet and mobile device. EDR uses advanced data analytics and pattern analysis to block threats before they breach your devices and get on your network.
  • Penetration tests to check your system for vulnerabilities and determine where hardening may be needed.
  • Security tools such as security information and event management (SIEM) software to continuously monitor and report on your security status.
  • Updated data protection tools to back up your data more frequently and tighten privacy controls.

Whatever the need, our security experts can help you analyze your security risks and craft a cost-effective, multi-layered defense against cyberthreats.