[BreachExchange] Why antivirus practices should never be allowed to stagnate

Audrey McNeil audrey at riskbasedsecurity.com
Tue Feb 20 18:46:40 EST 2018


Any individual or company is at risk of a cyber-attack and without the
right protection in place, any computer or device can be vulnerable to
security violations - particularly as those levelling the threats use new
technology to enhance their methods of infection.

Consequently your antivirus practices should never stagnate and the
protection you have in place, should be reviewed regularly.

Attackers will always want your data

The nature of digital technology means that someone will always be trying
to obtain data they don't own to benefit from it. This can be anything from
bank details to commit fraud, to stealing confidential business information
and ideas.

Often compromised machines need to be wiped to stop the threat of viruses.
This causes unnecessary downtime for professionals so a proactive approach
including data back-ups are necessary so that you are prepared should the
worst happen.

The main methods of attack are by hackers distributing ransomware, malware
and trojans to compromise computers and make users unsuspecting victims.
The best response is to employ a layered defence of protection including
internet software security.

There is no single option that's going to protect you 100 percent. A good
defence relies on different hardware and software all doing their bit, as
with any type of layers the foundation is the key part, and this industry
is no different.

The changing landscape of threats

Even with a layered defence in place, it cannot be left to stagnate as the
nature of threats will change over time and older defences may not be
designed to combat new attacks.

In an ideal world the end user is knowledgeable on current threats, in a
position to check each and every link and able to anticipate the attackers
methods. In reality we are far from that. Antivirus (AV) software is where
the help comes from and it forms the very foundation of keeping the user

It will check each and every file opened, it can check and interrogate
internet traffic alerting or dealing with threats as they find them, but
like most software it needs nurturing or attention to keep it ongoing. It
needs to be kept up to date with the current attack methods, it needs to
know how to combat each attack vector and ideally do this all without user

Therefore, it is essential to understand your current set-up and update to
the latest versions as necessary. This is the best way to feel confident
your data is protected online. This should be combined with user training
in the software (some dashboards give advanced access), hardware and
industry knowledge.

Layered protection

Virus protection really is an ever changing battleground and an
organisation needs to be armed with the right tools to be adequately
secured. Always instal the latest updates, in addition to running the
latest broadband firmware on routers, avoiding unsecured public WiFi and
using secure passwords incorporating numbers, letters, caps and symbols.

Firewalls are also essential for commercial and residential computers, as
is spam filtering. These can be accessed as part of security suites, or by
an IT support service that will also provide 24/7 monitoring to neutralise
attacks as quickly as possible.

A recent reminder of computer vulnerability came in the form of the
security flaws dubbed Meltdown and Spectre, affecting most computers and
smartphones from the last 20 years. The flaws meant that attackers could
access passwords and business-critical documents via the memory in a

If you suspect your anti-virus protection and cyber-security is lacking,
take action as soon as possible to avoid the worst case scenario of having
data and machines compromised, in addition to having money stolen. Software
and the supplemental practices around security can be cost-effective and if
you have data worth stealing, you can't afford to leave it unprotected.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180220/9fc26a42/attachment.html>

More information about the BreachExchange mailing list