
Security Think Tank: Addressing the malware arms race

How can businesses best prepare their cyber defences in light of the fact that attackers are increasingly using malware designed to evade detection and analysis?

Malware propagation is a bit like sales. Success can come either from playing the numbers game or by taking a more strategic and focused approach.

Each approach has its pros and cons, and the choice between them is guided by, among other things, the product (the malware) and the client (the target).

In the second quarter of 2015, security firm Tripwire noted that there were more than 500 evasion techniques used by malware.

To improve the chances of malware reaching a target, malware writers use a polymorphic approach, which means several evasion techniques are used to avoid detection.

While the technological arms-race between malware and security developers continues, foreseeably in perpetuity, the heart of the problem is much closer to home – the individuals who click on links or download content from untrusted sources.

Security firms are increasingly employing heuristic, behavioural and predictive technologies to counter the malware threat.

Human interaction

While technology plays an important part in protecting organisations and individuals against malware, there comes a point where a human interaction takes place, and that is the moment at which malware is activated.

In quarter three of 2016, security supplier Duo released a free phishing simulation tool called Duo Insights, allowing security teams to launch dummy phishing attacks against users in their organisation.

The resulting information can be used to support awareness and education campaigns. To date, Duo has reported a 17% success rate across 400 campaigns and 1,1000 recipients. That is enough to make any security manager worry.

Enhancing ‘prevent’ and ‘protect’ strategies

While antivirus (AV) is effective at preventing malware propagated through email, it is less effective at tackling malware that has come via the internet. Recognising the changes in how malware gets onto the network and devices is key in developing a protection strategy.

Following the lead of Netflix and ditching AV completely is risky, especially considering that AV still proves its worth.

Understanding where the biggest threats to the organisation are coming from, such as the internet, allows effort and investment to be focused in the right place. A multi-tier approach combining AV, firewall and endpoint security is, for most organisations, the foundation of their security approach.

The human factor is often cited as the greatest weakness, and a lot of money is spent mitigating against users who either do not know or do not care about security, or who simply make an error of judgement.

There are several good organisational behaviours that can reduce malware risk associated with people:

  • Ensure that individuals understand their responsibilities for information security.
  • Operate security awareness and training initiatives.
  • Demonstrate leadership commitment to security initiatives.
  • Test staff and use results to inform awareness and training.
  • Provide incentives for staff to act responsibly and cautiously.

In a nutshell

Malware has been reported since the 1970s and will continue to persist and develop. Effectively responding to the threat of malware also happens to mirror good information security practices:

  • Understand your assets and the threats to the organisation.
  • Use a multi-tier approach to security that focuses on the most relevant risks.
  • User education, awareness and testing should be a continuous process.
  • Security policy must be enforced on all endpoints, company-supplied or BYOD.
  • Firewall rules, AV definitions and endpoint patches must be kept current.
  • Have an incident response capability that can provide a fast and defined response to a security event.

Alex Ayers is co-founder and consulting director at Turnkey Consulting.
