Is Your Anti-virus Giving You a False Sense of Security?
Security management is indisputably important for any company today. Threats to security has led to an inevitable adoption of anti-virus software by most if not all organizations and with good reason. The majority of organizations have sensibly invested in installing the latest in anti-virus software. The anti-virus software industry is well matured with leading providers who offer trusted products that will constantly scan your network for any existing malware signatures and thoroughly clean it. For many organizations, having an anti-virus software provides a sense of comfort that their systems are protected. I hate to break this to you, but an anti-virus protection alone is a false sense of security. Many organizations have gotten a rude awakening with major hacks despite their anti-virus protection and firewalls.
Attacks have moved beyond installation of viruses on your computers.
The key operational word with anti-virus is “signatures.” So in actuality, your anti-virus software is only reactive – it can only detect a malware after it has done its job the first time and the anti-virus vendor later establishes a signature. The regular updates that you receive from your service provider protect you from recurring threats of the same malware – until a new malware comes to life. Developers take time to analyze and create a solution to detect every new malware.
Too Many Malwares to Defend Against?
Hackers are aware that their malwares enjoy a very limited span of time before they are detected – a few targeted organizations might have already taken the hit. As such, hackers continuously release new viruses. Over the years, anti-virus development has tried to keep pace with these attacks. However, the past five years have seen an explosion of viruses (with an exponential increase in the use of smart devices), making it difficult for vendors to catch-up with hackers.
McAfee, a leading provider of anti-virus software, predicted in 2013 that a new virus is being released every second; and that there is an evident time lag between new viruses and anti-virus updates. After the attack on The New York Times’ computers, Symantec stated, “Anti-virus software alone is not enough – customers must use a blended software protection”. If the industry stalwarts are insisting that anti-virus protection itself is not enough, then it is high time you pay attention to your security practices.
Is it Enough to Protect Your Computer Alone Against Virus Attacks? Think Again
Every technology innovation saw an exponential rise in vulnerabilities for cyber security threats. So is the case with social media, mobile technology, wearables, and cloud services. These services are not necessarily accessed via your computer. They are available on the go. Malware is no more restricted to attacking computers. It can attack anything that is connected to the Internet. So even if your anti-virus protects your computer, how secure are these new-age services? A Facebook malware was first detected as early as 2007.
In 2012, hackers focused their attention on social apps such as Pinterest and Twitter. Now, attacks have moved beyond installation of viruses on your computers. They have hijacked your social media accounts to send out malicious links of dangerous websites to your contacts. These attacks are now carried out entirely on your web browsers – your anti-virus can do very little to protect your web accounts.
Cloud services have similar concerns. Many businesses have moved their operations to the cloud. Hackers can steal your data from your cloud accounts. This data does not fall under the purview of your anti-virus software protection. You rely on cloud service providers to offer protection and if their defenses are not strong enough, you will be exposed to attacks. Thus, it is vital to choose a provider who also offers you protection from hacking attempts.
Some of the cloud services can even be accessed on your smartphone. How many of your employees use anti-virus protection on their smartphones? Malware for mobile devices has become a preferred target for hackers – with Android being the most attacked. If users do not take the same basic precautions on their mobile devices as on their computers, we can expect a repeat of widespread attacks, akin to the early 2000s.
What is the Extent of Your Loss?
A security incident today has a significant impact on your business. It will lead to a loss of client data, damage to your organization’s reputation, financial loss and, most importantly, impact your ability to continue work. Hijacked social accounts lead to loss of personal information which in turn affects your professional and personal life.
It is therefore crucial that you conduct a security vulnerability assessment to prioritize the risks to your organization. Will an attack on your network lead to the loss of personal or professional data? How will you respond if malware is sent to your clients using your employees’ official social media accounts? Will you lose a client’s business? By analyzing these questions, you will be able to identify the deficiencies in your network security management.
Conclusion
Anti-virus is undoubtedly an important security measure. However, it is not the only measure to hold the fort from hackers. While there is no ‘one-size-fits-all’ security strategy that will work for every organization, you can start by implementing smart practices within limited budgets such as firewall protection, data encryption, regular updates to operating systems, data loss prevention software, password managers, and training on social media practices to employees. By following these practices, you can at least reduce the risk of an attack. Better yet, have a security expert like ExterNetworks help you setup the right protection framework to give you a strong security posture.