Posted by: A Geek To Go, LLC – advanced malware prevention and remediation solutions for business and home.
Although the origin of the first computer malware is still debated, one thing has remained constant: since its inception, malware has been one of the biggest threats facing businesses.
According to data from Verizon’s 2018 Data Breach Investigations Report, malware continues to grow in frequency and sophistication year over year.
So why is malware — one of the oldest threats to modern computer systems — still such a big problem? Let’s start at the beginning.
What Is Malware?
At its most basic level, malware is any malicious software or program developed by cybercriminals with the intention of gaining access or causing damage to a computer network. This includes software created to perform unauthorized actions on another user’s computer, tablet or smartphone. Common types of malware include:
• Viruses: Executable files that self-replicate by infecting and modifying a program’s code.
• Ransomware: A program that takes control of a computer and holds it (or select data) hostage until a ransom is paid — often in the form of untraceable cryptocurrency.
• Worms: Programs that replicate themselves in order to spread to other machines.
• Spyware: Software that installs itself on a computer to covertly collect, track and/or steal sensitive data and information.
• Rootkits: Programs that, once installed, conceal themselves, execute files and make changes to systems.
How Did We Get Here?
In its early days, malware was spread primarily through the sharing of discs (floppy and, later, CD-ROM); however, the advent of the internet and explosive growth of email and e-commerce gave rise to a multitude of new opportunities for criminals looking to make money or just cause trouble.
Throughout the 1990s, various forms of malware caused trouble for computer users, doing everything from deleting data and corrupting hard drives to stealing information to just annoying victims. It was toward the end of the decade, as the World Wide Web made its way into people’s homes and businesses, that malware really came into its own with email spam, attachments and links.
Early spam campaigns often relied on volume and chance, sending out millions of bogus emails in the hopes that some unwitting user would click the link or open the attachment. But in time, cybercriminals stepped up their game with more sophisticated ways of delivering malware via phishing emails.
Not only did the delivery of malware become more advanced over time, but the programs and variants themselves changed, causing businesses and consumers to take a serious look at the prevention and remediation of malware infections. Malware was no longer just a nuisance; it was a serious threat with real financial repercussions for businesses.
As mentioned above, malware comes in many shapes and sizes, and the impact of each can vary widely from type to type. Malware can disrupt business operations in many ways, from stopping day-to-day operations to stealing private data to massive reputational damage. Here are a few examples of what malware can do to impact your business:
• Take control of your computer or network and all the software running on it.
• Alter and delete files, including the reformatting of a machine’s hard drive, causing a complete loss of any information that is not backed up.
• Steal sensitive information, including proprietary information and customer data like credit card and social security numbers.
• Send malicious emails or network traffic on your behalf.
• Install pop-up messages or lock your computer and redirect you to a tech support firm or criminal asking for payment in order to restore the machine or data.
How Do We Fix It?
Most businesses recognize the threat malware represents; the challenge is preventing it. Several preventative solutions exist, but each carries its own drawbacks.
For example, you could avoid a lot of malware by refusing to open all email attachments and links, turning off preview modes in your email program and turning off scripting in your web browser. Unfortunately, this would make work very difficult, not to mention that many of the websites you visit would be displayed incorrectly or not at all.
Another option is blacklist and whitelist solutions, which either block known malicious programs or allow only approved programs to run. The problem, of course, with blacklisting is the impossible task of blocking every single malicious program. And what happens when the bad guys find ways to make the malware appear whitelisted?
Another solution is the plethora of antivirus solutions on the market. The key drawback to many of these legacy systems is their reliance on signature-based detection — blocking malware on the assumption that the threat you saw yesterday looks the same today. Unfortunately, since the early 2000s when malware really started to become a for-profit industry, cybercriminals have made innovations that allow malware to rapidly change its appearance, making signature-based detection an incomplete solution.
It’s important not to misunderstand — just because a solution isn’t 100% effective doesn’t mean we should disregard it. Of course, malware detection and prevention solutions are necessary for any organization, but antivirus alone isn’t capable of catching everything.
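The blacklist, whitelist and signature-detection drawbacks described above can be compared side by side. The following is an added example, not part of the original post: the policy names, file names and byte strings are constructed stand-ins, and SHA-256 is assumed as the signature.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples: harmless byte strings standing in for program files.
APPROVED_V1 = b"constructed sample: approved accounting tool, version 1"
APPROVED_V2 = b"constructed sample: approved accounting tool, version 2"
KNOWN_BAD = b"constructed sample: unwanted program, build A"
REPACKED_BAD = b"constructed sample: unwanted program, build B"  # changed look

BLACKLIST_HASHES = {sha256(KNOWN_BAD)}    # signatures of what was seen yesterday
WHITELIST_NAMES = {"accounting.exe"}      # weak: approves by file name only
WHITELIST_HASHES = {sha256(APPROVED_V1)}  # strict: approves exact content only

def evaluate(name: str, data: bytes) -> dict:
    """Return each policy's decision for one file (True means allowed to run)."""
    digest = sha256(data)
    return {
        # Default-allow: anything without a matching signature runs.
        "blacklist": digest not in BLACKLIST_HASHES,
        # Default-deny, but trusts a label the file chooses for itself.
        "whitelist_by_name": name in WHITELIST_NAMES,
        # Default-deny, tied to content; every legitimate update needs approval.
        "whitelist_by_hash": digest in WHITELIST_HASHES,
    }

CASES = [
    ("known threat", "invoice.exe", KNOWN_BAD),
    ("same threat, new appearance", "invoice.exe", REPACKED_BAD),
    ("threat using an approved name", "accounting.exe", REPACKED_BAD),
    ("approved tool", "accounting.exe", APPROVED_V1),
    ("approved tool after an update", "accounting.exe", APPROVED_V2),
]

if __name__ == "__main__":
    for label, name, data in CASES:
        decisions = evaluate(name, data)
        summary = ", ".join(
            f"{policy}={'run' if ok else 'block'}" for policy, ok in decisions.items()
        )
        print(f"{label:32} {summary}")
```

The output shows each drawback from the text: the signature blacklist misses the changed variant, the name-based whitelist accepts a file that merely appears approved, and the hash-based whitelist blocks the legitimate update until someone approves it.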
There will always be something new out there, so the best way to protect your business is by implementing and employing a variety of solutions and protocols. Develop a system that combines protection and remediation with endpoint protocols, including regularly installing and updating all of your software, not just antivirus programs. Use a password manager to help eliminate the need to remember multiple complex passwords, and set up two-factor authentication and VPNs for remote users. Ensure that all devices within your network (computers, phones and tablets) are encrypted, and always create regular backups of your most important data.
Though no single solution will keep you completely safe from malware, a multiple-step approach like the one outlined above can help protect your business should malware breach your defenses.