In the present-day world of zero-day attacks, an antivirus solution alone is not enough to protect your enterprise systems. Not only has the number of cyber threats increased, but so have the complexity and modes of attack. It can be confidently stated that no device connected to the internet is completely safe from malware attacks.
Lately, we have encountered complex attacks such as the “WannaCry” ransomware attack and the “NotPetya” attacks, which involved malware with multiple capabilities: worm, Trojan, spyware, ransomware, etc. Further, some of the already dangerous malware turned out to be even more dangerous: data wipers/destroyers were released under the guise of ransomware.
Cyber War, Cyber Espionage, and Organized Cyber Crime
And nowadays we don’t just have a hacker, a script kiddie, or a college dropout hacking for fun; it has become a very serious business in which organized crime is well embedded. Cyber war and cyber espionage are other avenues that nation states indulge in nowadays. The war of the future will be in the cyber world.
As an individual user or as the IT security administrator of an enterprise, it is your responsibility to ensure the security of your enterprise. Most cyber security experts recommend the use of an antivirus solution. A basic antivirus solution may not stop all types of malware. However, it will offer some level of protection. Depending on the rules they follow, some antivirus solutions may not block all adware. Another important factor is that these solutions must always be kept updated with the latest definitions and program updates.
Operating System and Application Updates
Additionally, the operating system must also be kept updated with the latest security patches. Many administrators defer immediate updating or automatic patch updates, because updates have sometimes crashed (bricked) computers and other IT devices, leading to irrecoverable loss of data. IT administrators typically take the time to check out the effect of OS patch updates before installing them. This is the correct approach in many ways, as an updated OS may not support or work correctly with other existing applications on the system.
However, consider the WannaCry and NotPetya malware attacks: this malware targeted outdated operating systems, and Microsoft, knowing about the vulnerability, had released patches earlier this year. Computer systems that had installed the software patches were safe from these two malware attacks and other ransomware attacks. Microsoft states that users who had updated to Windows 10 and were running the latest version were safe from such malware attacks.
While regular updating of the OS, applications and the antivirus software does offer protection, it cannot be considered the last word. The threat of unknown files infecting computer systems through zero-day exploits is huge and cannot be overlooked. In fact, most major cyber attacks have been based on zero-day exploits. In order to address such threats, an antivirus solution with a default-deny approach must be installed.
An effective default-deny approach will help ensure protection from zero-day exploits and evolving threats.