If there was an immunization for cancer, would you get it? Of course, you would. It makes sense to focus on prevention when it is possible. Unfortunately, this immunization doesn’t exist.
What does this have to do with cyber security?
PC Matic CEO, Rob Cheng, has shared his views of ransomware and believes it is cancer spreading throughout our nation. Although there isn’t a vaccine for the medical form of cancer, there is one for cancer that is growing in the IT industry.
According to the National Law Review, a new organization will fall victim to ransomware every 14 seconds in 2019. The mentality of “if this happens..” is no longer relevant. Without proper protection, it will happen and businesses likely will not be prepared.
What is “proper protection”?
The general answer provided by several IT experts is something called endpoint detect and response (EDR). This method will have several different layers, but to keep it surface level — it does exactly what it says. An EDR solution will detect when the malware hits, and respond accordingly. This may include shutting down devices, tracking what the malware touched, and how it infected the network.
Now, I like a good bandaid too — but I’m not about to infect myself with cancer with the expectation a bandaid will put me in remission. Yet that is exactly what businesses are doing with their cyber security. It doesn’t make sense.
If a business is infected with ransomware, the hackers have already infiltrated the network and encrypted what files they could. Operations are still impacted, revenues are still lost, and reputations are still damaged. Why not prevent the infection, to begin with?
But is that really “proper protection”?
No. Here’s why.
Recently Kim Komando wrote why antivirus solutions aren’t enough. Her suggestion? Get a Fix Me Stick. Apparently, they are a top seller to remove viruses after they’ve infected the network. Again, neat bandaid – but where is the focus on prevention? Here are her three reasons why an antivirus is not enough:
- New viruses are released every day. – This is entirely true, and many antivirus solutions can’t keep up. However, if you use a security solution that uses an application whitelist, it will only permit known trusted solutions to run. Therefore, regardless of how many new variants are released, they will never be a good file — therefore, they will never run on a device using application whitelisting.
- You don’t have to do anything wrong to get infected. – This is also true. There are several malware variants that will execute without the user clicking on anything. However; this too is resolved by whitelisting. Even if the user doesn’t click on a link or ad, once the malware attempts to execute, it will be blocked because it is not a known, trusted file.
- Targeted attacks can bypass traditional blacklisting antivirus solutions. – You are likely catching on by now, but in case I need to repeat myself — this too is resolved by a solution that uses a whitelist solution as it’s primary method of malware detection. A blacklist allows any unknown file to run, including unknown malware files. Unfortunately, it is impossible to keep up with the latest viruses, so as long as businesses continue deploying blacklist antivirus solutions, they will continue to fall victim to cyber threats – including ransomware.
So, I will ask again – When it comes to cyber security do you want a bandaid or an immunization?
1,743 total views, 2 views today