Things to Consider When Defending Against Malware
“Failing to plan is planning to fail” – Benjamin Franklin
In the world of IT, Franklin’s famous quote above still rings the bell. Sadly, there are still companies that are very gullible, deciding to just buy an antivirus software from a known brand, install it on their networked computers and call it the day. But there are lots of things that need to be considered when it comes to cybersecurity defense than meets the eye. This is more highlighted in the wake of the implementation of the GDPR (General Data Protection Regulation), as imposed by the European Union.
Cybercriminals are changing their stance, used to develop damaging malware that will corrupt the computer and its data to something that just wants to lurk in the computer, using it for other purposes as part of a botnet. “Over the past few years, we have seen cybercriminals continually tweak their methods, switching from PCs to smartphones to steal confidential information or financial credentials to get their hands on their victims’ money,” said Simon Young of Credence Security, an anti-cyber threat firm.
Cybercriminals have a new wide target to focus on for years to come. This is the Internet of Things (IoT), a new category of devices that is slowly making a mark. We are in a stage of standardization, where different vendors that used to manufacture IoT using their proprietary operating systems are slowly adapting common OS from Google (Android Things) or Microsoft (Azure Sphere). Imagine a big botnet composed mostly of hijacked IoT devices, being a 24/7 Internet-enabled device, the attackers have the upper hand in using the collective processing power they can earn from it for many nasty purposes.
“The first way to prevent a cyber attack is to be aware, and ensure that all employees are also trained in what not to do. For example, be vigilant, and never click on links or attachments in emails unless you are 100% certain of their legitimacy. Also consider a virtual private network, as this will prevent attacks too. There are many malicious sites that appear to be the genuine article. Always scrutinize the URL for any anomalies that might point to it being an imitation of the genuine article,” added Young.
Mobile devices like smartphones and tablets, being ubiquitous is one of the mainstream ways cybercriminals make their presence felt. There is even an Android-based crypto mining malware in the wild as this article’s writing, confirming Young’s suspicion. He mentioned: “Smartphones have become the de facto tool for accessing both personal and business information, as well as conducting finances and other operations. Ensure you have a good mobile security solution installed, and always run your updates as soon as they are available. Also, be careful when downloading apps. Don’t download from any marketplaces that aren’t sanctioned, and check app permissions to ensure no app is asking for access to something it simply shouldn’t need. Make use of any protective features that come with your device and practice good security hygiene, irrespective of whether you are on your phone or your PC.”
Cybersecurity defense is a continuous process, a 24/7/365 system that never sleeps. A moment of idling is very risky for any enterprise, decision-makers should not take for granted that security defense requires constant updating to maintain relevancy. Mr. Young concludes: “To survive in today’s threat landscape, planning and implementation of strategies and countermeasures is crucial. Businesses need to take concrete steps towards understanding, and having the ability to neutralize threats.”
Kevin Jones295 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others. He holds prestigious certifications like OSWP, OSCP, ITIL. His goals in life are simple - to finish her maiden business venture on Cybersecurity, and then to keep writing books for as long as possibly can and never miss a flight that makes the news.