
Security Think Tank: How to detect the undetectable?

How can businesses best prepare their cyber defences in light of the fact that attackers are increasingly using malware designed to evade detection and analysis?

Malware has always been one of the top cyber security concerns, with 71% of respondents to the (ISC)2 2015 Global Information Security Workforce Study citing it as a significant threat.

This shows no sign of abating, particularly as today’s malware is becoming increasingly sophisticated and difficult to detect.

The reality is that there is no longer a one-size-fits-all approach to security. To defend against the modern cyber threat, we need a multi-faceted approach, and we must not fall into the trap of implementing one measure and assuming the job is done.

Antivirus software can easily be bypassed, which means that we need to think about defence-in-depth and monitoring-in-depth strategies.  

The following steps can help protect organisations against evasive malware:

Think through what potential malware attacks would try to accomplish, and then decide which approaches could be used to detect the symptoms.

For example, if malware could be used to capture and exfiltrate credentials, watch for unusually high levels of traffic and unusual IP addresses. You should visualise the connectivity between devices and servers, and between servers and servers, to see whether unusual or multiple connections are being made.
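As an added illustration of the detection point above (example code, not from the article or its author), the following script scores hosts on the two symptoms named in the text: contacting destinations outside an assumed baseline and sending far more outbound traffic than their peers. The log format, the baseline set and the 10x threshold are assumptions, and the log lines are constructed.

```python
# Added example: flag hosts whose outbound destinations or volume look unusual,
# the credential-exfiltration symptoms the article describes. Assumed format.
from collections import defaultdict

# Constructed connection summary: "src_ip dst_ip bytes_out" per line.
SAMPLE_LOG = """\
10.0.0.5 10.0.1.10 4200
10.0.0.5 10.0.1.10 3900
10.0.0.6 10.0.1.10 5100
10.0.0.7 10.0.1.11 2800
10.0.0.7 203.0.113.44 90000000
10.0.0.7 203.0.113.44 85000000
10.0.0.8 198.51.100.9 1200
10.0.0.8 10.0.1.10 700
"""
# Assumed baseline of destinations seen during normal operation (constructed).
KNOWN_DESTINATIONS = {"10.0.1.10", "10.0.1.11", "198.51.100.9"}

def parse_log(text):
    """Yield (src, dst, bytes_out) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        yield parts[0], parts[1], int(parts[2])

def find_suspicious_hosts(text, known_dsts, byte_multiplier=10):
    """Return {src: [reasons]} for hosts that contact an unknown destination
    or send more than byte_multiplier times the median per-host volume."""
    volume = defaultdict(int)      # total bytes sent per source host
    unknown = defaultdict(set)     # unknown destinations per source host
    for src, dst, n in parse_log(text):
        volume[src] += n
        if dst not in known_dsts:
            unknown[src].add(dst)
    volumes = sorted(volume.values())
    median = volumes[len(volumes) // 2] if volumes else 0
    findings = {}
    for src, total in volume.items():
        reasons = []
        if src in unknown:
            reasons.append("unknown destinations: " + ", ".join(sorted(unknown[src])))
        if median and total > byte_multiplier * median:
            reasons.append(f"outbound volume {total} > {byte_multiplier}x median {median}")
        if reasons:
            findings[src] = reasons
    return findings

for host, reasons in find_suspicious_hosts(SAMPLE_LOG, KNOWN_DESTINATIONS).items():
    print(host, "->", "; ".join(reasons))
```

In a real deployment the baseline would come from historical flow data and the threshold from the organisation's own traffic distribution, not fixed constants.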

Encrypt your sensitive data (at the least) and consider two-factor authentication (2FA) or other forms of access control so that, even if the data is compromised, it still has a measure of protection.

Train your staff to report unusual or strange activities on their devices, which may be an indication of infection.

Look at white-listing applications and using hash functions to sign executables so that, if they are modified, they will not run.

Lock down your devices – do not allow local admin rights, for example – as this will help reduce the ability of malicious code to execute.

Consider controlling what data can be delivered to mobiles and tablets, for example, as these will have fewer protective mechanisms and may be easier to compromise.


Adrian Davis is managing director for Europe at (ISC)2. 
