Malware and zero day threats continue to be the biggest dangers to business cybersecurity and data protection. These attack vectors are nothing new – malware goes back to 1986, according to Lifewire. A lot has changed since then to improve IT security and better protect organization assets; however, these issues remain prevalent in modern day priorities for safety measures.
With all of the progress made on deterring malware, it can put companies at a false sense of security. Headlines over the past few years have featured high-profile businesses breached by malware and zero day threats, exposing critical information and damaging the organizations’ reputations. Company leaders must understand just how much of a danger these situations present in order to protect themselves effectively. Let’s take a closer look at how malware and zero day threats continue to bypass conventional IT security measures and what businesses can do about it.
New Strains Emerging Faster Than Security Tools
Attackers are not standing idly by. They are constantly making adjustments to malware code and techniques to get around security tools. In fact, there were 127 million new malware strains in 2016, and 22 million samples have already emerged in the first quarter of this year, GData Software stated. That means that nearly 250,000 new malware attacks were published per day within the first three months of 2017. The sheer number of threats makes it extremely difficult for organizations to detect them all and implement protections appropriately.
Security tools and patches are emerging on a regular basis, but this process often happens reactively to beat a new attack vector, rather than proactively to head off possible threats. According to a study by AV-Test, participating organizations took between 7 hours and 30 hours to detect and remove each new virus, eSecurity Planet reported. However, in reality, it can take much longer between discovery and disinfection of a new malware strain. By the time that it’s detected, the damage could already be done.
Mobile Devices Prove a Protection Challenge
Emergence of mobile hardware and bring-your-own-device policies have put companies at even greater risk for malware and zero day threats. Unlike business-provided hardware, personal mobile devices cannot be fully managed by the organization, leaving it up to the employee to activate security measures and use cybersecurity best practices. However, malware and zero day attacks are now being made to specifically target these devices.
Mobile devices are becoming more essential to work functions, but they can easily be leveraged as a door into the broader business network. In March 2017, Check Point mobile threat researchers found 36 Android devices with a severe infection – the catch is that the malware arrived with the the device. Malicious applications were added somewhere along the supply chain, including rough ad networks, mobile ransomware and information stealing programs. These issues are further compounded by the fact that users can download dangerous software without IT approval and unknowingly enable it to access critical information.
As a result of these major threats, Apple and Android have both created vetting processes to verify that apps are safe to use. Apple in particular has used stringent guidelines to prevent malicious attacks from impacting devices. According to TechCrunch, Apple launched a bug bounty program offering $50,000 for anyone that discovered zero day vulnerabilities. This type of effort helps the organization find a security problem before an attacker does and patch it accordingly.
Mobile devices hold a wealth of information, making them enticing and lucrative targets for resourceful and sophisticated attackers. According to Duo Labs, 1 in 3 Android users don’t use a lockscreen passcode on their smartphone, Android Authority reported. This is particularly concerning as most mobile malware is made to target these devices, and Android phones are more likely to be jailbroken than iOS.
“Even if a weakness is found in one layer, you will still have others to help defend you.”
Use a Layered Approach
There’s no silver bullet when it comes to cybersecurity and defending your business against malware and zero day attacks. Therefore, it’s not feasible to implement a single solution and expect it to protect all of your assets. With a layered security approach, hackers will struggle with the multiple safeguards in their way, rather than one tool. This method ensures that even if a weakness is found in one layer, you will still have others to help defend you. Layered solutions stop attacks from escalating and defend against changing tactics while ensuring compliance standards are upheld.
A comprehensive layered defense solution should include people, policies and training, network firewalls, physical security, endpoint protection and network inspection tools. Organizations must ensure that each element integrates with other levels of protection and provides seamless updates describing the latest threats. Organizations can use Faronics Anti-Virus for malware protection, Deep Freeze to make configuration indestructible and Anti-Executable to only allow approved applications to run on a computer or server. For more information about how these services can protect you against malware and zero day threats, contact Faronics today.