
You can’t stop them from getting in, but you can stop them getting out

(Image credit: Shutterstock/jijomathaidesigners)

Antivirus software has been around for over 30 years, dating from when computers were still relatively new. At that time, antivirus software was the only way to defend against one of the only existing threats – viruses. However, 30 years on, much has changed – and in the world of technological advancements, three decades might as well be a lifetime. The threat landscape we see today is vastly different and infinitely more sophisticated.

Hacking is now at an all-time high, representing the single biggest threat to business. Organisations across the globe now accept that a breach is inevitable. In fact, the 2018 Cyber Security Breaches Survey released by the UK government showed that almost half of UK businesses had suffered a cyber breach in 2017, with the number rising to an astounding 72 per cent among large businesses. According to the report, the most common breaches or attacks involved fraudulent emails, viruses and malware. The cyber breach disclosed by Airbus shows just how vulnerable our personal and corporate data is to cyberattack.

Organisations today must protect their devices not only from viruses and malware, but also malicious activities carried out by cybercriminals, such as infecting IoT devices to perform DDoS attacks and cryptocurrency mining. The tide has shifted from trying to stop people getting in, to trying to stop them getting out. The days of relying solely on antivirus and firewalls for complete protection are well and truly behind us. Taking a multi-layer approach to security is essential in defending against ransomware, spyware, malware, phishing and unauthorised data collection.

Prevention is the best form of defence

The inherent mobility of today’s workforce makes it increasingly difficult for companies to keep track of activity across all devices. With organisations growing in size and complexity, they must be able to carefully monitor and block unauthorised outbound traffic and ensure that all data remains on device. So, what are the biggest threats organisations are experiencing today and how can companies best protect themselves from what they can’t see?

1. Protecting data & privacy: Phishing remains one of the most widely used forms of cyberattack, with account verification the most common lure, followed by cloud-based file sharing. Unfortunately, it has become almost inevitable that some form of phishing attack will take hold across an organisation, so organisations must have the tools available to stop the attack from spreading. By stopping an unknown attacker who is already inside the network from sending data out, it is possible to mitigate the loss of data. Threats from spyware can also be addressed by security solutions that eliminate the collection, accumulation and distribution of personal data. This also aids GDPR compliance by preventing hackers from removing any sensitive data from company networks.

2. Fileless detection: Typically, attackers use fileless techniques to avoid detection and either download or execute remote payloads with the purpose of stealing data. Hackers are increasingly using fileless techniques to download random payloads and signatures in order to steal data, with 77 per cent of successful attacks now using fileless exploits. To do this, it is necessary to connect to a remote server. Since this needs to remain anonymous to avoid detection, it is usually performed over the dark web. These attacks are ten times more likely to succeed. Fileless malware will only become smarter and more common. Increasingly, attacks leave little to no trace in the file system or on the network, which has forced organisations to start detecting attacks based on their behaviour.

New solutions are available that can now stop attacks at each stage of their life-cycle. Fileless network protection is a vital part of device security and a critical part of a layered strategy, crucial in protecting every organisation. The ability to analyse network traffic, detect unusual behaviour and shut down rogue applications is essential to protecting against these attacks.
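The two defensive capabilities this article keeps returning to, monitoring outbound traffic and detecting unusual behaviour rather than known signatures, are concrete enough to show in code. The following is an added example written for this page; it is not code from the article or from BlackFog. It assumes a constructed, simplified egress log format (one outbound connection per line, as a host firewall or endpoint agent might record it), a hypothetical allowlist of processes expected to reach the internet, and illustrative thresholds. It flags two things a fileless payload talking to a remote server tends to produce: outbound connections from a process that normally has no business on the internet, and connections to one destination on a suspiciously regular cadence.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample egress log (illustrative only, not from the article or any
# vendor product): one line per outbound connection, in the shape a host firewall
# or endpoint agent might record.
SAMPLE_LOG = """\
2019-02-05T10:00:00Z host=ws12 proc=chrome.exe dst=93.184.216.34:443 bytes=48213
2019-02-05T10:00:05Z host=ws12 proc=outlook.exe dst=40.97.0.1:443 bytes=9120
2019-02-05T10:01:00Z host=ws12 proc=powershell.exe dst=203.0.113.7:443 bytes=412
2019-02-05T10:02:00Z host=ws12 proc=powershell.exe dst=203.0.113.7:443 bytes=398
2019-02-05T10:03:01Z host=ws12 proc=powershell.exe dst=203.0.113.7:443 bytes=405
2019-02-05T10:04:00Z host=ws12 proc=powershell.exe dst=203.0.113.7:443 bytes=1201
2019-02-05T10:04:30Z host=ws12 proc=chrome.exe dst=93.184.216.34:443 bytes=2210
2019-02-05T10:07:15Z host=ws12 proc=chrome.exe dst=151.101.1.69:443 bytes=77001
"""

# Hypothetical allowlist: processes this organisation expects to talk to the
# internet. Anything else making outbound connections is worth a look.
EXPECTED_EGRESS_PROCESSES = {"chrome.exe", "outlook.exe", "teams.exe"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) dst=(?P<dst>\S+) bytes=(?P<bytes>\d+)$"
)


def parse_log(text):
    """Parse the key=value egress log into a list of dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        rec["bytes"] = int(rec["bytes"])
        records.append(rec)
    return records


def find_unexpected_processes(records, expected=EXPECTED_EGRESS_PROCESSES):
    """Outbound connections from processes that are not expected to reach the internet.

    Returns a sorted list of unique (host, process, destination) tuples.
    """
    flagged = {
        (r["host"], r["proc"], r["dst"])
        for r in records
        if r["proc"].lower() not in expected
    }
    return sorted(flagged)


def find_beacons(records, min_connections=4, max_jitter=0.2):
    """Flag (host, process, destination) triples that connect on a regular cadence.

    A remote-control channel typically checks in at fixed intervals, so the spread
    of the gaps between successive connections is small relative to their mean.
    max_jitter is the ratio (population stdev / mean) above which a flow is treated
    as ordinary traffic rather than a beacon. Both thresholds are illustrative.
    """
    by_flow = defaultdict(list)
    for r in records:
        by_flow[(r["host"], r["proc"], r["dst"])].append(r["ts"])

    beacons = []
    for flow, stamps in by_flow.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_jitter:
            beacons.append(flow)
    return sorted(beacons)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for item in find_unexpected_processes(recs):
        print("unexpected egress process:", item)
    for item in find_beacons(recs):
        print("regular beacon-like cadence:", item)
```

On the sample log, the two browser and mail flows pass both checks, while the scripting-host process is reported twice: once because it is not on the allowlist and once because its four connections to the same destination arrive roughly a minute apart. In a real deployment the allowlist would come from an inventory of sanctioned software, the cadence threshold would be tuned against a baseline of normal traffic, and a hit would feed a blocking rule at the egress point rather than a print statement.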

3. Ad blocking/Malvertising: Considered to be the leading threat vector, almost one in five cyberattacks now strike through advertising networks. Cybercriminals inject malicious code into these networks to trigger the download of malicious software onto a device. This is no longer restricted to the ads themselves but also extends to images, which can embed hidden data (steganography). Such threats can be eliminated by blocking ads and data profiling activities across the organisation, ensuring that employees don't have the opportunity to click on malicious links and content in the first place.

4. Social Network Blocking and Fake News: There has been a groundswell of interest in fake news over the last few years. The speed at which these fake stories build social engagement highlights an urgent need for companies to be able to block these sites, which are often used as clickbait to lure users and extract their personal information. Recent research also reveals that one in five organisations have been infected with malware distributed via social media. An attack, even if targeted at a home user, can still have a significant negative impact on a company, so these risks cannot be ignored. With last year's revelations about Facebook tracking you whether or not you were a Facebook customer, most people don't even realise they are part of a massive data collection exercise.

Despite the negative news surrounding social media, it’s evident we haven’t fallen out of love with Facebook and Twitter just yet. The number of worldwide users continues to grow each year. The reality is that most of us will continue to use social media regardless of the risks and potential threats they present. Individuals and organisations need to be aware that they cannot rely on social media providers to keep their data private and protect them from cyber threats. They have to be proactive.

Preventing infection through immunisation

The threat landscape we see today is infinitely more sophisticated than just a few years ago. Organisations need a multi-layer defence system to prevent data loss as well as unauthorised data profiling and data collection. Rather than trying to identify attackers by their fingerprints, companies need to look at the characteristics of attackers: analysing network traffic to detect unusual behaviour and eliminating these threats before they wreak havoc on an organisation and bring it to its knees.

Dr. Darren Williams, founder and CEO, BlackFog