When it comes to these three common security choices, many companies may not realize how heavily they're relying on the luck of the draw.
Counting on luck is something you do at the craps table or when you play the lottery. It obviously isn't a position you want to be in with your company's security on the line.
Unfortunately, it's incredibly common for even large, well-funded organizations to take massive gambles by leaving elements of their security up to chance. In some cases, it’s simply a matter of not having enough time or resources to cover all the bases. In other cases — and this is more worrisome — it's a result of a fatalistic attitude toward security, a belief that because "compromise is inevitable" there's really only so much you can do. In the very worst cases, however, organizations may believe they're fully protected, only to realize after the fact that gaps in their current solutions and policies are forcing them to take much bigger gambles than they'd initially realized.
Is your organization actually secure from malware, or just hoping its luck won't run out?
Here are three of the most common risky mistakes companies make, along with a few cautionary tales and recommendations for safer bets.
With the rapid proliferation of new and more sophisticated malware and attack techniques, IT pros are increasingly losing faith in traditional antivirus (AV) solutions. According to the Ponemon Institute’s 2017 State of Endpoint Security Risk report, less than a third of organizations believe their AV can stop today’s malware threats. In fact, 4 out of 5 organizations either replaced or augmented their existing AV solutions in 2017.
The problem is that many AVs still only block specific malware samples they've seen before, or that have been reported on sites like VirusTotal. New variants are able to evade detection, as are samples that use polymorphic techniques to make small, superficial changes to their code each time they land on a new machine. Malware authors have no problem cranking out new samples and using various techniques to obfuscate them, and as a result, most AVs are stuck in a perpetual state of playing catch-up, left in the dark until it's too late.
In a shift away from the signature-matching approach, NGAV and some AV solutions are now utilizing machine learning algorithms in order to help them predict whether a file is malicious or not, regardless of whether or not they've seen it before. To counter this development, attackers are increasingly adopting techniques that allow them to deploy their attacks filelessly, hijacking legitimate system tools and processes or executing malicious code directly in memory, instead.
That's a major problem since, with no file to scan or analyze, the majority of AV and NGAV solutions don't stand much of a chance.
According to Ponemon, 77 percent of successful compromises in 2017 involved the use of fileless techniques. Attackers know a winner when they see one, and this year one out of every three attacks is expected to utilize fileless techniques.
For years, AV solutions have been a cornerstone in protecting endpoints from malware. But more and more of today's attacks are bypassing antivirus, exploiting well-documented limitations in what AV is able to see and detect. To close the gaps AV leaves them exposed to, companies need to invest in stronger, smarter endpoint protection designed to block malware with a more modern approach.
You can learn more about the specific gaps in AV and NGAV coverage by downloading our AV Gap Analysis whitepaper. In it, you'll also learn how Barkly can help you close those gaps and actually get ahead of the game.
In addition to replacing or augmenting antivirus, there are several practical things organizations can do to reduce their exposure to attacks and render common malware delivery methods ineffective. We've collected these recommendations in our 2018 Cybersecurity Checklist, which you can download here.
Every organization should be using backup. No organization should be using it as a substitute for good security.
Think of it this way — if you go skydiving and your instructor says the primary parachute you're using fails all the time, but not to worry, you've got the backup chute, chances are you're not going to jump out of the airplane.
Backup can help save the day if you get infected with ransomware, but it's never going to be better than preventing the infection in the first place. For one thing, the ability to recover quickly and successfully from backup should never be taken for granted. According to a survey we conducted with victims of ransomware, 58 percent were unable to recover all of their encrypted data from backup.
Part of the problem is that backups can get infected and corrupted just like any other part of your network. In addition, if organizations don’t regularly practice actually recovering from their backups, they're making a lot of dangerous assumptions about how well things will work when it's no longer a drill.
Even in cases where data is successfully restored, the process of wiping, restoring, and bringing infected systems back online takes time and resources.
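One concrete way to practice recovery rather than assume it works is to record a digest manifest at backup time and check every restore drill against it. The script below is an added example, not Barkly's code or anything from the original post; the file names and the corrupted and missing files in the drill are constructed to show what a failed check looks like.

```python
"""Added example (not from the original post): verify a restored backup
against a SHA-256 manifest recorded at backup time, so corruption or lost
files surface during a restore drill instead of during a real incident."""
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its digest at backup time."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(restored: Path, manifest: dict) -> dict:
    """Compare a restored tree with the manifest. Returns files that are
    missing (in manifest, absent from restore), modified (digest differs)
    and unexpected (present in restore but never backed up)."""
    missing, modified, unexpected = [], [], []
    for rel, digest in manifest.items():
        p = restored / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_file(p) != digest:
            modified.append(rel)
    for p in restored.rglob("*"):
        if p.is_file() and str(p.relative_to(restored)) not in manifest:
            unexpected.append(str(p.relative_to(restored)))
    return {"missing": missing, "modified": modified, "unexpected": unexpected}

def restore_drill() -> dict:
    """Constructed scenario: back up two files, then 'restore' a copy in which
    one file came back altered and one file was lost, and report the result."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "source", Path(tmp) / "restored"
        (src / "db").mkdir(parents=True)
        (src / "db" / "orders.sql").write_bytes(b"INSERT INTO orders VALUES (1);\n")
        (src / "config.ini").write_text("[app]\nmode=prod\n")
        manifest = build_manifest(src)
        # Simulated restore: orders.sql is corrupted, config.ini never comes back.
        (dst / "db").mkdir(parents=True)
        (dst / "db" / "orders.sql").write_bytes(b"INSERT INTO orders VALUES (2);\n")
        return verify_restore(dst, manifest)
```

A non-empty `missing` or `modified` list from a scheduled drill is the signal to fix the backup job before it is needed for real.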
Backup is an extremely important part of disaster preparedness, but it's no replacement for strong security. Each of the attack victims referenced above would likely agree an ounce of prevention is worth a pound of cure. If there's one big takeaway from their stories, it's that equal investment in preventative security solutions and policies is the safer bet.
In terms of relying on backup, however, there are practical things organizations can do to help reduce inherent risk:
We can (and should) have faith in our colleagues. We can (and should) invest in training to help them be more aware of security risks and be savvier when it comes to avoiding them. But there’s a reason why they say “to err is human.”
Expecting that any amount of effort, no matter how great, will completely shut the door on attacks that take advantage of user error isn't just unrealistic, it's also incredibly risky.
Malicious emails continue to be one of the most common attack vectors for a reason — they still work. Attackers have invested in making them increasingly sophisticated and realistic, in some cases even hijacking user email accounts to send their contacts new emails and replies they wouldn't have any reason not to open and click.
The current #ursnif campaign that sends the malware in replies to existing email threads is so effective.
The reply looks so legit that every day some recipients release it from quarantine and even report it to us as false positive, before getting infected themselves.
— Rodolfo Saccani (@rsaccani) March 20, 2018
Once we accept that users will be users and mistakes will inevitably happen, the next thing organizations should do is accept that it isn't appropriate to put all the pressure on them to avoid and prevent attacks. The better move is to provide users with safety nets that proactively prevent and limit the possible damage caused by attacks that target them.
After all, begging users to stop opening email attachments only goes so far. There are other things organizations can do that they have full control of, including:
It may be tempting to rely on past good fortune to keep you out of harm's way, but it only takes one attack to make you wish you'd done more sooner. The good news is that taking the steps covered here can help you avoid a harsh reality check when luck finally does run out.
Find out how Barkly can protect your organization with stronger, smarter protection (not luck). See how it works.