The threat of malware across the world continues to escalate. According to Bitkom, every second Internet user was a victim of cybercrime in 2018. Effective protection is essential for businesses, but many are still unaware of the scale of this threat. Automating IT security can address the problem with reasonable effort.
Many companies still equate malware protection with firewalls and antivirus solutions. However, companies are increasingly confronted with new, unknown malware threats (such as zero-day attacks) that neither firewalls nor antivirus solutions can prevent. Overly “aggressive” antivirus solutions also degrade performance and productivity, and they incur unnecessary administration costs. Many anti-malware measures only inform the user about suspicious activity but do not automatically eliminate it.
Lack of automation means many vulnerabilities for malware to exploit
Malware has become an increasingly popular tool among cybercriminals, and the success rate of attacks is currently high. Perpetrators gain an average of USD 100,000 in revenue per month with “malware-as-a-service”, which in turn increases the number of new threats.
Endpoints in particular are the gateway through which malware enters networks, and conventional measures such as virus scanners and firewalls do not provide adequate protection. Cybercriminals who target a specific organization usually find a means of access: e-mail attachments, apps, banner ads, and even conventional business software can all serve as routes of infection. Employees are frequent targets of phishing messages that exploit their good faith. Malware also arrives via manipulated devices such as BadUSB.
New malware variants make automation more necessary than ever
Modern malware has many different ways of manifesting and camouflaging itself. Conventional viruses, worms, and trojan horses are virtually a thing of the past; many modified variants now exist, such as cryptomining, fileless malware, and keystroke logging. The most common problems associated with them include:
- Data theft and data loss
- Restriction of system functionality
- Business interruptions
- Remote access
- External control by bots and formation of bot networks
- Manipulation of complete systems
Automation for effective protection
The first step in fighting malware is a system that detects infections immediately. But automated security measures are the only way to detect and eliminate previously unknown malware in the shortest possible time. The system must classify each incident according to its pattern and intelligently combine the different patterns it observes. The corresponding reactions then take place automatically, without manual intervention.
The difference between this approach and conventional defenses such as firewalls and antivirus tools is that it does not check files but the behavior of the malware. Post-infection protection detects anomalies efficiently and quickly. This also saves resources, since no manual work by employees is necessary.
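To make the "classify by pattern, combine patterns, react automatically" idea concrete, here is an added example (not code from the original post and not any vendor's product). It matches constructed endpoint telemetry against behaviour patterns rather than file signatures, combines the patterns seen on one host within a time window into a score, derives a severity, picks an automated response and emits a SIEM-style JSON record. The event format, pattern names, weights, thresholds and response names are all assumptions chosen for illustration; the response function only returns the action it would take.

```python
"""Behaviour-based incident classification with automated response (added example)."""
import json
from collections import defaultdict

# Constructed endpoint telemetry: one process-activity event per dict (not real data).
SAMPLE_EVENTS = [
    {"host": "ws-17", "ts": 100, "parent": "winword.exe", "proc": "powershell.exe",
     "cmdline": "powershell -enc AAAA", "files_written": 0, "net_dst": None},
    {"host": "ws-17", "ts": 104, "parent": "powershell.exe", "proc": "rundll32.exe",
     "cmdline": "rundll32 c:\\users\\public\\x.dll,Run", "files_written": 0,
     "net_dst": "203.0.113.7:4444"},
    {"host": "ws-17", "ts": 130, "parent": "rundll32.exe", "proc": "rundll32.exe",
     "cmdline": "", "files_written": 1200, "net_dst": None},
    {"host": "ws-03", "ts": 200, "parent": "explorer.exe", "proc": "excel.exe",
     "cmdline": "excel budget.xlsx", "files_written": 2, "net_dst": None},
    {"host": "ws-03", "ts": 205, "parent": "explorer.exe", "proc": "powershell.exe",
     "cmdline": "powershell Get-Process", "files_written": 0, "net_dst": None},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Behaviour patterns (illustrative): name, weight, predicate over a single event.
PATTERNS = [
    ("office_spawns_script_host", 40,
     lambda e: e["parent"] in OFFICE_APPS and e["proc"] in SCRIPT_HOSTS),
    ("encoded_powershell", 30,
     lambda e: e["proc"] == "powershell.exe" and " -enc " in e["cmdline"].lower()),
    ("dll_from_user_writable_path", 25,
     lambda e: e["proc"] == "rundll32.exe" and "\\users\\public\\" in e["cmdline"].lower()),
    ("outbound_on_unusual_port", 25,
     lambda e: e["net_dst"] is not None and e["net_dst"].rsplit(":", 1)[1] not in {"80", "443"}),
    ("mass_file_write", 35,
     lambda e: e["files_written"] >= 500),
]

SEVERITY_THRESHOLDS = [(90, "critical"), (50, "high"), (20, "medium"), (1, "low")]
WINDOW_SECONDS = 300  # events on one host inside this window are combined


def match_patterns(event):
    """Return the names of all behaviour patterns a single event matches."""
    return [name for name, _, pred in PATTERNS if pred(event)]


def correlate(events):
    """Group events per host inside a time window and combine the matched patterns.

    Distinct patterns add up, so a host showing a chain of different behaviours
    scores higher than one repeating a single behaviour: the 'combine' step.
    """
    weights = {name: w for name, w, _ in PATTERNS}
    per_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        per_host[e["host"]].append(e)
    incidents = []
    for host, evs in per_host.items():
        start, seen = evs[0]["ts"], set()
        for e in evs:
            if e["ts"] - start > WINDOW_SECONDS:
                break
            seen.update(match_patterns(e))
        score = sum(weights[n] for n in seen)
        if score:
            incidents.append({"host": host, "patterns": sorted(seen), "score": score})
    return incidents


def classify(score):
    """Map a combined score to a severity label."""
    for threshold, label in SEVERITY_THRESHOLDS:
        if score >= threshold:
            return label
    return "none"


def respond(incident):
    """Pick the automated reaction by severity and build a SIEM-style record.

    The real actions (EDR isolation call, ticket creation) are assumed to live
    elsewhere; this returns the decision so it can be checked.
    """
    severity = classify(incident["score"])
    action = {"critical": "isolate_host_and_kill_process",
              "high": "kill_process_and_open_ticket",
              "medium": "open_ticket",
              "low": "log_only"}[severity]
    record = json.dumps({"type": "malware_behaviour", "severity": severity,
                         **incident, "action": action}, sort_keys=True)
    return severity, action, record


def run(events=SAMPLE_EVENTS):
    """Full pipeline: correlate, classify, respond; one result per incident."""
    return [respond(i) for i in correlate(events)]


if __name__ == "__main__":
    for severity, action, record in run():
        print(severity, action)
        print(record)
```

On the constructed input, the ws-17 host chains five patterns (Office spawning PowerShell, encoded command line, DLL loaded from a user-writable path, outbound connection on an unusual port, mass file writes) and is rated critical with an isolate-and-kill response, while ws-03's ordinary Excel and PowerShell use matches nothing and produces no incident. The same structure applies to other telemetry sources: add predicates to PATTERNS, feed the resulting record to the SIEM, and have the Service Desk integration consume the action field.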
Reduce attacks with automation
Interfaces and applications should be inspected and filtered to reduce vulnerabilities. We recommend solutions for device control, application control, firewalls, and anti-phishing. If malware nevertheless gets into the company, pre- and post-infection solutions are essential. Incidents of this nature should be reported to, and handled as incidents in, SIEM and Service Desk applications. Make sure the solutions are not stand-alone but work together as an optimally coordinated ecosystem; this reduces operating costs and increases efficiency.
The risk posed by malware threats is increasing, which means that we all have to rethink this issue. IT infrastructures are becoming increasingly diverse and complex, and protection by means of antivirus solutions alone is no longer sufficient. A holistic security concept has to take center stage. Most attacks originate from end devices, so protection must be stepped up wherever data is processed and stored.