Posted on September 4, 2020 by Louise Howland
Unfortunately, it has become the norm to be a cyberattack victim. Sophos recently conducted an independent survey of 3,100 IT managers across the globe and found that more than two-thirds (68%) of organisations say they were hit by a cyberattack in the last year. To add insult to injury, the average number of incidents experienced by organisations that fell victim to a cyberattack was two, with 10% of organisations surveyed reporting four or more cyberattacks in the last year. This suggests that many organisations have ongoing, exploitable weaknesses in their defences.
Time is of the essence during a cyberattack, from spotting the breach to reacting to it to mitigating the damage; the faster an organisation can react, the better the outcome. In the Sophos survey, organisations were asked how long it took to discover the most significant cyberattack they had suffered in the last year. For those that knew the answer, the average was 13 hours. Clearly 13 hours is a huge amount of time for a hacker to have uninterrupted access to your systems and data. In that time, a cybercriminal can wreak significant damage, including exfiltrating sensitive data, stealing credentials, installing money-stealing Trojans, installing ransomware, and more.
Another issue raised by the survey was that organisations often can’t plug gaps in their security because they can’t identify the gaps in the first place: 25% of SMEs said they are unaware of how the most significant cyberattack to hit their organisation got in. This explains why organisations suffer repeated attacks; they don’t close security gaps after an attack because they are unaware the gaps exist!
Antivirus (AV) is a product that should not be skimped on. You really do get what you pay for, and IT managers looking to score brownie points with the FD might be tempted to run for the cheapest product on the market. But not all AV products were created equal! A commercial grade product will:
1. Stop known threats
The historic function of AV solutions is to detect, stop or quarantine a known threat to a system. Referring to existing signatures (think digital stereotypes), your antivirus will identify files that match a certain profile. This is why it is really important to keep your AV up to date, so that the latest known threats are identified as soon as possible.
2. Stop unknown threats
Using an advanced form of machine learning, deep learning technology enables the detection and removal of advanced malware, even if it has never been seen before. A deep learning malware detection engine examines the “DNA” of a file and compares it to the known universe of malware to detect threats that otherwise may go undetected.
3. Block ransomware
Ransomware is a specific type of malware which encrypts a user’s or an organisation’s files and then demands a significant ransom in order to decrypt them. It works quite differently from a typical virus, and the trojan code is often not spotted by traditional antivirus products. A commercial grade solution should detect not just a virus but also suspicious behaviour. In the case of ransomware, the AV solution should detect that files are starting to be encrypted, stop the process, and ask the user to intervene and confirm whether this was a genuine action, with the ability to reverse the changes if it was indeed malicious.
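As an added illustration of the behaviour-based detection just described (this is not code from the article or from Sophos), the toy check below compares file contents before and after a burst of writes, flags the burst when several files flip from readable-looking to ciphertext-like byte entropy, and restores the retained pre-write copies. The entropy thresholds, the minimum number of flipped files and the SHA-256-based stand-in for ransomware encryption are all assumptions; the sample documents are constructed.

```python
import hashlib
import math
from collections import Counter

LOW_ENTROPY = 6.0   # bits/byte; documents and source text sit well below this
HIGH_ENTROPY = 7.0  # ciphertext and compressed archives sit near 8
MIN_FLIPS = 3       # files that must flip low->high before raising an alarm


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flipped_files(before: dict, after: dict) -> list:
    """Paths whose content went from readable-looking to ciphertext-like."""
    return sorted(p for p in before if p in after
                  and shannon_entropy(before[p]) < LOW_ENTROPY
                  and shannon_entropy(after[p]) >= HIGH_ENTROPY)


def assess(before: dict, after: dict) -> dict:
    """Verdict for one burst of writes. A single rewrite (e.g. a user
    zipping one file) stays below MIN_FLIPS and is left for the user."""
    flipped = flipped_files(before, after)
    return {"suspicious": len(flipped) >= MIN_FLIPS, "flipped": flipped}


def roll_back(snapshot: dict, live: dict, paths: list) -> dict:
    """Restore the retained pre-write copies for the flagged paths only."""
    return {p: snapshot[p] if p in paths else d for p, d in live.items()}


def _toy_encrypt(data: bytes, key: bytes) -> bytes:
    """XOR with a SHA-256 counter-mode keystream (constructed stand-in
    for real ransomware encryption; only here to produce random-looking bytes)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


# Constructed sample: four plain-text documents, then the same files after
# the toy "ransomware" has rewritten every one of them.
BEFORE = {f"docs/report{i}.txt": b"Quarterly invoice for Acme Ltd, net 30 days. " * 50
          for i in range(4)}
AFTER = {p: _toy_encrypt(d, b"constructed-key") for p, d in BEFORE.items()}

if __name__ == "__main__":
    verdict = assess(BEFORE, AFTER)
    print(verdict)  # suspicious: True, all four paths flipped
    if verdict["suspicious"]:
        print(roll_back(BEFORE, AFTER, verdict["flipped"]) == BEFORE)  # True
```

A real product hooks the file-system write path and stops the offending process while the check runs; this example only shows the decision and the rollback on in-memory snapshots.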
4. Deny attackers
Exploit techniques, which take advantage of a software vulnerability or security flaw, are among the most common tools used by attackers to compromise an organisation. A commercial grade AV solution blocks these exploit techniques to stop such attacks before they can even begin.
5. Internet Filtering
With more and more users working outside the protection of their main office and network, modern commercial AV solutions can now also protect your users from malicious code contained in adverts and webpages. By scanning the internet traffic sent to and received from external websites, as well as the files on your system, you can prevent malicious code being downloaded onto your computer and prevent sensitive information from leaving it too.