Six of the top fifteen threats in 2010 were malware. These vicious little programs are designed to do everything from breaking security protocols to logging the keys that your users are typing. In the “2011 Data Breach Investigations Report”, published by the Verizon RISK Team in cooperation with the U.S. Secret Service and the Dutch High Tech Crime Unit, the top two threats were both malware: the top threat was designed to forward data from your secured network to a third party, while the very close second was created to allow a nefarious person to remotely access and control your computers.
Let’s look at where it came from. Again drawing on the Verizon report, the most common attack vector is a remote hacker installing their malware on your machine after something like a firewall breach. This was followed by e-mail attachments and then infection from nefarious web-sites. One incident detailed in the report involved a US bank where, late on a Friday afternoon, three internal employees received an e-mail that appeared to come from the FDIC. The e-mail carried an attachment that didn’t open as expected; when Monday came around, several million dollars were missing from the bank. Guess whose access credentials were used by the hackers? You got it – those three employees.
So how do you protect yourself from this kind of malware? First and most importantly, education. Your computer users need to know what is an expected operation on their computer and what is not. They need to know not to click on a web-site that says “scan your computer now”, and that unexpected attachments in e-mails could be a threat to the security of the network. They need to know that if they suspect something, who to report it to, when to report it and what kind of information to provide. They also need to know that your IT department and the administration, rather than retaliate through termination for a mistake, would prefer to patch the computer or plug that hole in the network than come in on Monday and realize they are missing a couple million bucks.
The rest of the solution is to keep those security updates, patches, shims and hotfixes current, run that anti-virus and anti-malware software on a set schedule and check the generated reports for issues. (Of course, you’re keeping those virus definitions up to date, right?) Read those network and computer logs, so you can see that large spike in traffic from a computer that shouldn’t be phoning Southeast Asia and realize that something just might be amiss. And if you do suspect something has happened and don’t feel you have the skill-set to handle the issue internally, don’t be afraid to call a well-trained professional early in the process.
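The “large spike in traffic” check above is the kind of thing that is easy to automate once flow logs are being collected. The following is an added example, not code from the article or from the Verizon report: it parses a few constructed flow-log lines in a hypothetical `key=value` format, counts only traffic leaving the configured internal address ranges, and flags any host whose outbound volume on a given day is both above an absolute floor and several times its own mean on earlier days, reporting the destination that received most of it. The log format, the internal ranges, the ratio and the byte floor are all assumptions you would replace with your own.

```python
"""Flag internal hosts whose outbound traffic spikes far above their own
recent baseline. Added example with constructed data; the log format is
hypothetical and the thresholds are assumptions to tune per environment."""
import ipaddress
import re
from collections import defaultdict
from statistics import mean

# Address ranges that count as "inside" (assumption: a 10/8 network).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow-log lines: date time src dst dport bytes_out.
# 10.0.0.12 behaves normally for two days, then pushes ~100 MB overnight
# to a single outside address; 10.0.0.45 stays flat.
SAMPLE_FLOWS = """\
2011-06-15 10:02:11 src=10.0.0.12 dst=198.51.100.20 dport=443 bytes_out=240000
2011-06-15 11:14:05 src=10.0.0.12 dst=198.51.100.21 dport=443 bytes_out=180000
2011-06-15 12:30:44 src=10.0.0.45 dst=198.51.100.20 dport=443 bytes_out=310000
2011-06-15 13:01:09 src=10.0.0.45 dst=10.0.0.5 dport=445 bytes_out=9000000
2011-06-16 09:45:12 src=10.0.0.12 dst=198.51.100.20 dport=443 bytes_out=260000
2011-06-16 10:20:33 src=10.0.0.45 dst=198.51.100.22 dport=80 bytes_out=290000
2011-06-16 16:11:51 src=10.0.0.12 dst=198.51.100.23 dport=443 bytes_out=150000
2011-06-17 02:13:27 src=10.0.0.12 dst=203.0.113.77 dport=443 bytes_out=48000000
2011-06-17 02:14:02 src=10.0.0.12 dst=203.0.113.77 dport=443 bytes_out=52000000
2011-06-17 09:30:00 src=10.0.0.45 dst=198.51.100.20 dport=443 bytes_out=300000
"""

LINE_RE = re.compile(r"^(\S+) \S+ src=(\S+) dst=(\S+) dport=(\d+) bytes_out=(\d+)$")


def is_internal(ip):
    """True if the address falls inside one of the configured internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Yield (day, src, dst, bytes_out) for each well-formed line; skip junk lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        day, src, dst, _dport, nbytes = m.groups()
        yield day, src, dst, int(nbytes)


def daily_external_bytes(flows):
    """Sum outbound bytes per (src, day) and per (src, day, dst), keeping only
    flows that originate inside and terminate outside the internal ranges."""
    per_day = defaultdict(int)   # (src, day) -> bytes
    per_dst = defaultdict(int)   # (src, day, dst) -> bytes
    for day, src, dst, nbytes in flows:
        if not is_internal(src) or is_internal(dst):
            continue             # inbound or purely internal traffic is out of scope here
        per_day[(src, day)] += nbytes
        per_dst[(src, day, dst)] += nbytes
    return per_day, per_dst


def find_spikes(text, ratio=5.0, min_bytes=10_000_000):
    """Return one alert per (host, day) whose outbound bytes exceed both min_bytes
    and ratio x that host's mean on earlier days, naming the busiest destination."""
    per_day, per_dst = daily_external_bytes(parse_flows(text))
    by_host = defaultdict(dict)
    for (src, day), nbytes in per_day.items():
        by_host[src][day] = nbytes
    alerts = []
    for src, days in by_host.items():
        ordered = sorted(days)
        for i, day in enumerate(ordered):
            prior = [days[d] for d in ordered[:i]]
            if not prior:
                continue         # no baseline yet for this host
            baseline = mean(prior)
            today = days[day]
            if today >= min_bytes and today > ratio * baseline:
                top_dst, top_bytes = max(
                    ((d, b) for (s, dy, d), b in per_dst.items() if s == src and dy == day),
                    key=lambda kv: kv[1])
                alerts.append({"host": src, "day": day, "bytes_out": today,
                               "baseline": baseline, "top_dst": top_dst,
                               "top_dst_bytes": top_bytes})
    return alerts


if __name__ == "__main__":
    for a in find_spikes(SAMPLE_FLOWS):
        print(f"{a['day']} {a['host']}: {a['bytes_out']} bytes out "
              f"(baseline {a['baseline']:.0f}), mostly to {a['top_dst']}")
```

On the constructed data this reports exactly one alert, for 10.0.0.12 on 2011-06-17, because its 100 MB day is far above its roughly 415 KB average and above the 10 MB floor; 10.0.0.45 never crosses the floor, and its 9 MB transfer to 10.0.0.5 is ignored as internal. The absolute floor matters as much as the ratio: without it, a host that normally sends almost nothing would alert on any ordinary download.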