A big portion of security breaches against companies are carried out through malware attacks. Unfortunately, more hackers are using targeted malware that antivirus software can’t stop, according to a new report. Here are some steps IT can take to prevent those attacks.
Targeted malware is becoming a common strategy for hackers to carry out data breaches, according to the 2012 Global Security Report, recently released by security firm Trustwave.
The company analyzed 300 of the IT security incidents it was hired to investigate last year. The pieces of malware found while investigating those incidents were collected and tested to see how well a sampling of antivirus programs identified them as malicious.
The results weren’t comforting: The antivirus programs properly detected less than 12% of the malware. In other words, almost 90% of the malware successfully used by hackers now won’t be stopped by common antivirus software.
The problem is that antivirus software relies on certificates to identify known malware samples, which is generally only effective for stopping common viruses. But more criminals are now turning to malware targeted to attack specific organizations. Overall, 13% of the malware samples seen by Trustwave over the past year required some kind of inside knowledge about the company or application being attacked.
Despite hackers’ new tactics, Trustwave says, many businesses still put too much faith in their antivirus software. That partially explains why in 84% of incidents studied in the report, the company didn’t know it was breached until it was notified by an outside organization.
While an antivirus application can still be a vital piece of a company’s information security plan, IT departments should also take these steps to protect against the new forms of malware:
- Train users – Malware typically enters a company’s network through a user’s PC, and the new targeted pieces of malware are often delivered through malicious emails or other social engineering attacks. It’s now more important than ever to teach users to recognize those tactics.
- Prevent intrusion and data leaks – Rather than hoping antivirus software identifies attacks when they occur, companies are encouraged to focus more on firewalls and other tools that prevent attackers from accessing the network. Businesses should also focus on blocking suspicious outgoing connections that may be sending sensitive data to criminals.
- Improve breach detection – As security attacks become stealthier, business need to improve their efforts to detect breaches and limit the damage they cause. That includes methods such as analyzing logs to detect suspicious activity and segmenting networks to contain attacks.