Despite the cybersecurity industry advancing at a promising rate, malware continues to plague organizations. In fact, it was found that the majority of data breaches have happened after a malware infected attachment entered the system: this accounts for almost two-thirds of all malware attacks and with no indication that attackers are taking their foot of the throttle, this figure could further increase.
Preventative action needs to be taken but with security teams and resources spread thin, what more can organizations do to enhance their security?
The modern hacker understands the naivety and unsuspecting nature that consume many within an organization. If an enterprise has a thousand employees, it only takes one to open an infected attachment for the malware attack to be successful. The numbers game, as it stands, is in the hacker’s favor.
These malware infested attachments are mostly sent via email and aimed at duping the unsuspecting victim to provide information or click a bogus link. Because of this, organizations must take a proactive approach to help employees recognize a suspicious email and through the proper channels, these threats can be significantly reduced.
Check for obvious signs
A starting point would be to educate the workforce on how to identify a potential phishing email. This includes scanning the email for obvious spelling mistakes; if the senders email is unrecognized, or the email urges you to provide critical information like a username, password or financial details.
Approach every unknown email with an air of caution and if it looks too good to be true, there’s probably a good reason why. Once an email has been flagged, a process should be in place for individuals to report the item to the relevant security teams so that it can be properly examined.
While educating the workforce will make them more aware, security is about layers so an additional line of defense is required. A basic solution that should be mandatory for every organization to have is anti-virus. This enables the user to filter/scan emails and attachments as well as offer overall protection to PCs, but this alone will not suffice in dealing with more advanced attacks.
Security tools
Using existing malware is a common tactic used by cyber criminals, so patching and regularly updating operating systems is a critical component of security. This will help to deter known malware attacks as well as fix known system flaws. Patching needs to occur as soon as it is available as delaying this leaves a large window of opportunity for the organization to be attacked.
A tool highly touted to reduce the impact of a malicious email is application whitelisting. By restricting which applications are operational and limiting the access certain email accounts have, will ensure that malicious emails do not interact with important servers.
Furthermore, implementing an email validation system such as the domain-based message authentication, reporting and conformance (DMARC) will also be beneficial in refining and removing signs of email spoofing.
This mechanism is regularly used by larger organizations, for example HMRC claims to have stopped 500 million phishing emails since implementing the protocol, and it is also a feature implemented by many ISP and email providers.
Sandboxing is another strategy many use to filter emails before they reach servers and can help identify unknown attachments that are malware infected. Although this can be useful, its effectiveness may be declining since many of the new stains of malware created are designed to dodge sandboxing detection.
The defense methods mentioned will do a great deal in reducing the success rate of a malicious email getting through the system, but there is always more that can be done.
Hackers are forever evolving their attack methods so, by implementing the strategies above and incorporating a solution that continuously monitors and patches known vulnerabilities will ultimately result in a stronger defense and less successful malware attacks.