Eric Vanderburg

New and creative security threats may grab headlines, but smart security practitioners know that many attackers still rely on the tried-and-true methods, and they protect themselves from these threats accordingly. The challenge some IT security experts face is in maintaining awareness of threats to which users have grown accustomed. Malware has been around for decades now, and in the technology world, a decade is a long time. Despite malware becoming more sophisticated, the average person is used to getting infected — to the point that it’s seen as a mere nuisance rather than a threat.

Did you know that according to the Anti-Phishing Working Group, one in three computers is infected with malware? The same group reports that new malware is being created at a faster rate, with nearly 160,000 malware samples discovered each day last year. Like the common cold, malware is familiar and seen as an inconvenience by most people, since its effects are mostly hidden from the user. Trojans, which make up almost three-quarters of malware, steal data from computers, yet all a user can see is the performance impact on the machine.

This lack of visibility into the threat is partly due to the nature of digital information: it can be copied without damaging the original. Unlike the theft of items from a home, information theft is not as easily noticed by end users because the original information is still in place, unaltered. So what is the real threat?

Data breaches and botnets

Data breach risk and the level of botnet activity are directly correlated, according to a recent study by BitSight. A botnet is made up of malware residing on many machines that act in unison and receive common instructions. In essence, more malware in an organization means a higher risk of a data breach. And these days, breaches make the news.

Security practitioners focus on two areas to combat this threat: security controls and training. Security controls such as antivirus software, Internet and spam filters, and firewalls can prevent some malware from entering a facility or from propagating. When prevention fails, systems such as intrusion detection, monitoring and alerting, and event collectors can detect anomalous behavior and alert team members to the potential presence of malware.

Some systems rely on signatures to identify malware. Signatures are an effective way of screening known malware, but they provide almost no defense against new, unclassified malware. These threats must be addressed through heuristics and anomaly-based detection. Heuristics look at how software behaves to identify potential malware. For example, a process may not match a known signature, but it could be flagged by a heuristic scanner if it replicates itself or performs reconnaissance. Anomaly detection starts from a baseline of how a system or network normally functions and identifies behavior that falls outside that norm. More advanced detection systems may refine the baseline over time through machine-learning techniques to continually improve the model.
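As an added illustration that is not part of the original article, the Python below runs the three detection approaches just described over constructed endpoint telemetry; the signature list, process names, event strings and baseline connection counts are all made up for the example, and the rebuilt variant shows why a signature miss is still caught by the other two layers.

```python
import hashlib
import statistics

# Constructed signature database: SHA-256 digests of two payloads we "know".
KNOWN_BAD = {hashlib.sha256(b"stealer-v1").hexdigest(),
             hashlib.sha256(b"dropper-v1").hexdigest()}

# Constructed endpoint telemetry: (process name, binary hash, observed events).
TELEMETRY = [
    ("updater.exe", hashlib.sha256(b"updater").hexdigest(),
     ["net_conn"] * 3),
    ("stealer.exe", hashlib.sha256(b"stealer-v1").hexdigest(),
     ["net_conn"] * 40 + ["read:Documents"] * 20),
    # Same payload rebuilt so its hash differs: the "new, unclassified" case.
    ("svchost32.exe", hashlib.sha256(b"stealer-v2").hexdigest(),
     ["copy_self:Startup", "enum_hosts"] + ["net_conn"] * 45),
]

# Constructed baseline: outbound connections per process on ten normal days.
BASELINE_CONNS = [2, 3, 4, 3, 5, 2, 4, 3, 3, 4]


def signature_hits(telemetry=TELEMETRY, known_bad=KNOWN_BAD):
    """Signature matching: exact hash lookup, blind to anything rebuilt."""
    return [name for name, digest, _ in telemetry if digest in known_bad]


def heuristic_hits(telemetry=TELEMETRY):
    """Heuristics: flag self-replication or reconnaissance, whatever the hash."""
    return [name for name, _, events in telemetry
            if any(ev.startswith(("copy_self", "enum_hosts")) for ev in events)]


def anomaly_hits(telemetry=TELEMETRY, baseline=BASELINE_CONNS, sigmas=3.0):
    """Anomaly detection: connection counts above mean + sigmas * stdev."""
    threshold = statistics.mean(baseline) + sigmas * statistics.stdev(baseline)
    return [name for name, _, events in telemetry
            if events.count("net_conn") > threshold]


def layered_verdict(telemetry=TELEMETRY):
    """Combine the three layers and record which one caught each process."""
    verdict = {}
    for layer, hits in (("signature", signature_hits(telemetry)),
                        ("heuristic", heuristic_hits(telemetry)),
                        ("anomaly", anomaly_hits(telemetry))):
        for name in hits:
            verdict.setdefault(name, []).append(layer)
    return verdict
```

With these inputs the signature layer catches only the original stealer, heuristics catch only the rebuilt variant, and the baseline flags both, which is the complementary coverage the paragraph argues for.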

Steps to a secure workforce

This large array of technical controls can often make companies feel safe, but the controls are most effective when combined with employee training on how to use computing technologies safely and securely. The first step is to assess your workforce to determine the areas where training is most needed. Some organizations have a wide range of security awareness levels: some employees need introductory training on how to use the Internet safely, what malware is, how to report a breach and how to recognize phishing, while others are ready for a more advanced discussion of computer security.

It is important not to confuse technical computing knowledge with security knowledge. Sometimes those who are most computer savvy are most vulnerable because they take technological risks that others would not take or they circumvent existing controls in the belief that this makes them more effective.

Malware should make us uncomfortable. It can be a threat, and threats create pain. It is unfortunate that this threat has persisted so long that some have become numb to it, but we need to take malware seriously. The key to preventing the next breach lies not only in effective technical controls but in an educated workforce that knows how to work safely and securely with organizational technologies.