6 malware trends that Office Managers need to watch
Every year, cyber criminals evolve their tactics to combat strategies preventing their attacks, and an increasing number of systems and data are put at risk. The AV-TEST Institute has registered over 375 million new malware programs in the past 12 months – that is over 390,000 malicious programs every day!
For an impressive but daunting visual of the very real prevalence of cyber attacks, one only needs to glimpse the Norse Attack Map for a couple of seconds. New sophisticated methods mean organisations must not only have systems in place to prevent old styles of security breaches, but they need to stay on top of trends to prevent attacks from new ones as well. The following is a list of trends, both old and new, that Office Managers will want to watch out for.
1. Automated mass exploit
Despite their anonymity, hackers are still human. This means that all the work they do, including identifying targets to attach, takes a good deal of time and effort. Expect this to change with automated and increasingly sophisticated processes doing the hard work, resulting in wider cast nets that catch as many victims as possible with minimal effort. To combat this, automated security systems will need to be explored and deployed, with less focus on manual strategies.
2. Cloud data compromised
As more organisations embrace the cloud, more data becomes available online, attracting increasing attention from hackers and cyber thieves. Eager to keep ahead of the trends, companies are embracing the cloud without full awareness of the risks involved, with Netscope reporting, of the 700+ cloud apps being used by organisations, an incredible 91.9% aren’t enterprise-ready, and are leaving data vulnerable.
Implementers of security protocols are having a difficult time keeping up with the necessary checks and balances or the amount of breaches. Breaches are expected not only to rise, but many will go unnoticed and unreported for months, possibly years.
3. Continued growth of botnets
The use of botnets will continue, with infected systems still propagating spam, click-fraud and DDoS attacks. They’re cost-effective, efficient and easy to program, with computers infecting computers. Tightening administrator privileges, installing firewalls, installing host-based intrusion preventions, reputation-based filtering, using a proxy server for outbound traffic and monitoring DNS queries are some of the ways you can mitigate the risks.
4. Socially engineered phishing attacks
“Dear Customer.” You’ve no doubt come across this greeting in your spam folder. In the first quarter of 2015, spam constituted 59.2% of email traffic. Such emails are adopting the forms of social media platforms, posing as a user’s friend to entice them.
Another trend is that of piggy-backing, in which hackers leverage news of an attack to contact users, warning them their information may have been violated, urging users to click on a false link to update their details.
5. Two-factor authentication to be compromised
Attacks on mobile-based two-factor authentication are expected to rise the more predominant its use for security becomes. Smartphones are a major security risk, with many users unaware of just how vulnerable they can be. The simultaneous attack of both a user’s smartphone and primary computer can compromise two-factor authentication. As more users adopt two-factor authentication, its effectiveness will enhance but so too will the allure for attackers.
6. Web-based malware
One of the largest prevailing threats will still be users visiting rogue or compromised sites that automatically infect their computers or devices. In 2014, international software security group Kaspersky Lab investigated data shared with them by customers using Kaspersky’s malware protection, Kaspersky Security Network (KSN). The investigation showed Kaspersky Lab products records had detected and prevented a total of 6,167,233,068 threats.
Ensuring web browsers and virus detection software are up to date is a good start against malware threats, as is configuring your spam filter to detect and catch suspicious emails. It is also crucial to educate users within your company as to how to recognise suspicious sites and emails.