Why Antivirus Software May Not Be Enough to Protect Critical Business Data
With the increasingly sophisticated cyber threats affecting businesses, antivirus software is becoming less and less effective. According to a 2017 Ponemon study, 77% of successful malware-based attacks used fileless techniques that could not be detected by traditional antivirus software. Some of these modern threats can easily evade antivirus software, and in many cases are personalized for a particular organization.
Antivirus technology protects against malware by scanning files and comparing them against a database of known malware. If a file matches either a known malware signature or it does something that the heuristic engine considers suspicious, the antivirus software will quarantine the file for later inspection.
While antivirus software can work well against malicious files downloaded from the Internet, it is not completely effective against the wide variety of threats that target businesses today. Additionally, many cybersecurity threats involve tricking a human into doing something that compromises security, commonly referred to as social engineering. In most cases, antivirus software cannot prevent these kinds of threats.
In this article, we will discuss some of these new-age cybersecurity threats while providing advice on how to defend against them.
Email Threats
Email is the most used channel for cyber-attacks. Everything from phishing attacks to blackmail is carried out over email. In fact, 90% of malware is delivered via email.
As one of the most effective cyberthreats, email phishing attacks are hard to stop with traditional antivirus software. These messages trick users into entering credentials on illegitimate pages disguised to look like a vendor’s actual website. The best defense for this is the use of email gateways which employ techniques such as AI classification and URL rewriting to prevent phishing messages from ending up in inboxes.
With spear phishing, email gateways are less effective, because historical data about an organization's mail is more useful in determining whether such a targeted message is malicious. API-based email defense, which detects and blocks targeted malicious messages based on that historical data, is the best choice in this case.
Another common email-based attack is business email compromise, where an attacker impersonates a coworker or boss. These attacks cost organizations $1.77 billion last year alone, according to the FBI. As with spear phishing, API-based email defense that uses historical trends is the best way to protect users from these dangerous threats.
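The following is an added example, not code from the article or from any email security vendor, of what "using historical data" looks like in practice. It scores incoming message headers against a baseline of which addresses each display name has historically used, plus a few cheap impersonation signals (lookalike domains, mismatched Reply-To, payment or urgency wording). The baseline, domains, display names and messages are all constructed sample data.

```python
"""Score inbound mail against a historical sender baseline.

Added example (not the article's or any vendor's code) of the
'API-based email defense using historical data' approach. The baseline,
domains and messages below are constructed sample data."""
import re
from email.utils import parseaddr

# Constructed baseline: the addresses historically seen for each display name.
# A real deployment would build this from months of the tenant's own mail
# pulled through the mail provider's API.
KNOWN_SENDERS = {
    "Jane Doe": {"jane.doe@example.com"},
    "Sam Lee": {"sam.lee@example.com"},
}
INTERNAL_DOMAINS = {"example.com"}
PRESSURE_WORDS = {"urgent", "wire", "transfer", "payment", "gift", "immediately"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot lookalike domains such as exarnple.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def is_lookalike(domain: str, trusted: set) -> bool:
    return any(d != domain and levenshtein(d, domain) <= 2 for d in trusted)


def analyze(message: dict) -> list:
    """Return the reasons a message looks like impersonation (empty if none)."""
    reasons = []
    name, addr = parseaddr(message["from"])
    addr = addr.lower()
    sender_domain = domain_of(addr)
    # 1. A known person's display name arriving from an address never seen for them.
    if name in KNOWN_SENDERS and addr not in KNOWN_SENDERS[name]:
        reasons.append("known display name but an address never seen for that sender")
    # 2. Sender domain within two edits of one of our own domains.
    if is_lookalike(sender_domain, INTERNAL_DOMAINS):
        reasons.append(f"sender domain {sender_domain!r} resembles an internal domain")
    # 3. Replies silently redirected elsewhere.
    if message.get("reply-to"):
        if domain_of(parseaddr(message["reply-to"])[1]) != sender_domain:
            reasons.append("Reply-To uses a different domain than From")
    # 4. Payment or urgency language typical of BEC lures.
    words = set(re.findall(r"[a-z]+", message.get("subject", "").lower()))
    if words & PRESSURE_WORDS:
        reasons.append("subject uses payment/urgency language")
    return reasons


def triage(message: dict):
    """Map the reasons to an action: one weak signal only flags, two or more quarantine."""
    reasons = analyze(message)
    if not reasons:
        return "deliver", reasons
    return ("flag" if len(reasons) == 1 else "quarantine"), reasons


# Constructed sample messages (headers only).
SAMPLE_MESSAGES = [
    {"from": "Jane Doe <jane.doe@example.com>", "subject": "Q3 board deck"},
    {"from": "Jane Doe <jane.doe@exarnple.com>",
     "reply-to": "Jane Doe <j.doe.ceo@webmail.example.net>",
     "subject": "Urgent wire transfer before noon"},
    {"from": "Sam Lee <sam.lee@example.com>", "subject": "Payment approval needed"},
    {"from": "Accounts <billing@supplier-invoices.example.org>", "subject": "Invoice 4471 attached"},
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        verdict, reasons = triage(msg)
        print(f"{verdict:10} {msg['from']}")
        for r in reasons:
            print(f"           - {r}")
```

The point of the baseline is that none of these checks needs a malware signature: a legitimate executive message with a "Payment" subject is only flagged for review, while a lookalike-domain message carrying the same display name, a redirected Reply-To and urgency wording is quarantined. A gateway without the organization's own sending history cannot make the first distinction at all.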
Fileless Malware
Fileless malware has increased in popularity over the last few years, with documented cases of attacks on enterprises around the world, according to a 2017 Kaspersky report. Most successful malware attacks today use fileless techniques. Malware that injects its code into existing processes on the computer, or that runs through an interpreter like PowerShell, is what is referred to as fileless malware. Conventional antivirus software that scans files on a computer’s hard drive will not be able to guard against this threat, since there is no file to be deleted.
Endpoint detection and response (EDR) solutions are well-suited for detecting fileless malware and similar cyberattacks. By constantly monitoring the behavior of endpoint devices like laptops and mobile devices, EDR solutions correlate security events to potential threats much more effectively than traditional antivirus solutions.
Never-Before-Seen Malware
Occasionally, antivirus software will fail to stop even relatively unsophisticated malware-based cyberattacks. This is especially true if the malware signature has not yet entered the antivirus vendor’s threat database. While most antivirus software utilizes heuristic technology to detect never-before-seen malware threats, this technology is approximate and often inaccurate. Therefore, if an attacker uses a new type of malware, antivirus products will have a hard time detecting the threat.
As with fileless malware, EDR solutions are the best choice. An EDR solution has the capability to detect unusual behavior across an entire fleet of endpoint devices with much better accuracy than antivirus, owing to its richer data sources and more advanced threat intelligence.
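The fileless malware and never-before-seen malware sections both rest on the same idea: an EDR judges what processes do rather than what is on disk, so it needs neither a file nor a known signature. The block below is an added example, not code from the article or from any EDR product, of that behavioral approach. It runs three simple rules over constructed process-creation telemetry (an Office application starting a script interpreter, PowerShell launched with an encoded command or hidden window, an interpreter running a script from a user-writable folder) and then correlates hits per host, so that a single weak signal stays a finding while a combination becomes an alert. All hosts, paths, PIDs and events are constructed sample data.

```python
"""Behavior-based detection over process-creation telemetry.

Added example (not the article's or any EDR vendor's code) of why an EDR can
catch fileless and never-before-seen malware that file scanning misses: it
judges what processes do, not what is on disk. Hosts, paths and events below
are constructed sample data."""
import json
import re
from collections import deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample telemetry (JSON lines, backslashes JSON-escaped). The -Enc
# argument is only the UTF-16LE/base64 encoding of the word "Placeholder".
SAMPLE_EVENTS = r"""
{"ts":"2020-03-02T09:14:01Z","host":"WS-017","pid":4120,"parent_image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -NoP -W Hidden -Enc UABsAGEAYwBlAGgAbwBsAGQAZQByAA=="}
{"ts":"2020-03-02T09:14:03Z","host":"WS-017","pid":4188,"parent_image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe /c C:\\Users\\bob\\AppData\\Local\\Temp\\update.bat"}
{"ts":"2020-03-02T09:20:15Z","host":"WS-022","pid":5012,"parent_image":"C:\\Windows\\explorer.exe","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -NoProfile -File C:\\Scripts\\inventory.ps1"}
{"ts":"2020-03-02T09:31:40Z","host":"WS-031","pid":2210,"parent_image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","cmdline":"chrome.exe https://intranet.example.com/"}
{"ts":"2020-03-02T10:05:09Z","host":"WS-040","pid":3377,"parent_image":"C:\\Windows\\explorer.exe","image":"C:\\Windows\\System32\\wscript.exe","cmdline":"wscript.exe C:\\Users\\Public\\setup.vbs"}
"""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENCODED_OR_HIDDEN = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\b|-w(?:indowstyle)?\s+hidden", re.I)
USER_WRITABLE = re.compile(r"\\(?:AppData\\Local\\Temp|Users\\Public)\\", re.I)


def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


# Each rule looks at one process-creation event; none of them needs a file hash.
def office_spawns_interpreter(ev: dict) -> bool:
    return basename(ev["parent_image"]) in OFFICE_APPS and basename(ev["image"]) in INTERPRETERS


def encoded_or_hidden_powershell(ev: dict) -> bool:
    return basename(ev["image"]) in {"powershell.exe", "pwsh.exe"} and bool(ENCODED_OR_HIDDEN.search(ev["cmdline"]))


def interpreter_from_user_writable_path(ev: dict) -> bool:
    return basename(ev["image"]) in INTERPRETERS and bool(USER_WRITABLE.search(ev["cmdline"]))


RULES = [
    ("office_spawns_interpreter", office_spawns_interpreter),
    ("encoded_or_hidden_powershell", encoded_or_hidden_powershell),
    ("interpreter_from_user_writable_path", interpreter_from_user_writable_path),
]


def parse_events(text: str) -> list:
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def detect(events: list) -> list:
    """Run every rule on every event; keep the events that matched at least one rule."""
    findings = []
    for ev in events:
        hits = [name for name, rule in RULES if rule(ev)]
        if hits:
            findings.append({"ts": ev["ts"], "host": ev["host"], "pid": ev["pid"], "rules": hits})
    return findings


def correlate(findings: list, window: timedelta = timedelta(minutes=10)) -> dict:
    """Escalate a host only when two or more distinct rules fire within the window.

    A single weak signal stays a low-priority finding; the combination is the alert.
    """
    recent, alerts = {}, {}
    for f in findings:
        q = recent.setdefault(f["host"], deque())
        q.append(f)
        while f["ts"] - q[0]["ts"] > window:
            q.popleft()
        rules = sorted(set().union(*(x["rules"] for x in q)))
        if len(rules) >= 2:
            alerts[f["host"]] = {"severity": "high", "rules": rules, "pids": [x["pid"] for x in q]}
    return alerts


if __name__ == "__main__":
    found = detect(parse_events(SAMPLE_EVENTS))
    for f in found:
        print(f"{f['ts']:%H:%M:%S} {f['host']} pid={f['pid']} {', '.join(f['rules'])}")
    for host, alert in correlate(found).items():
        print(f"ALERT {host}: {alert}")
```

On the sample data only WS-017 is escalated: Word starting a hidden, encoded PowerShell and that PowerShell then running a batch file from the user's Temp folder are three independent behavioral signals within two seconds. The admin's signed inventory script on WS-022 and Outlook opening a browser on WS-031 produce nothing, and the lone script in a public folder on WS-040 stays a low-priority finding. No rule looked at a file hash, which is exactly why the same logic applies to malware the vendor has never seen.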
Antivirus Itself Can Be Compromised
Even though antivirus software is not completely effective at stopping newer cybersecurity threats, some companies use it as an additional layer of security. While this is sometimes a good idea, antivirus software can increase the attack surface of a device, potentially providing a foothold for attackers to further compromise business security.
Respected Google security researcher Tavis Ormandy discovered that Avast contained vulnerabilities that could be used by attackers to gain access to secure computers. He reported that when old versions of the Avast antivirus product scanned specially-crafted files, the software could be tricked into running attacker-selected code. Not only did the antivirus software fail to stop a malware attack, it actually facilitated one.
While these kinds of vulnerabilities are rare and would likely only affect high-profile enterprises and governments, they are worth considering for organizations of all kinds. Even security software can be used to compromise an endpoint device if the software contains vulnerabilities.
Mitigate Threats with EDR
Cybersecurity attacks come in all shapes and sizes. Email threats, fileless malware, and brand-new malware are all attacks that antivirus software cannot stop. In some cases, the antivirus software itself is a major security liability. Endpoint detection and response (EDR) solutions are the best way to protect against many of these new cybersecurity threats.
With years of experience helping our clients protect their businesses against an evolving threat landscape, Outsource IT can strengthen your organization’s cybersecurity beyond antivirus software. Contact your Outsource IT account manager to learn more about our business IT security services.