How to prevent malware breaches with teamwork
Enterprises today are engaged in a never ending arms race with malicious and criminal attackers who craft malware designed to infect systems and networks – and remain unnoticed the entire time they’re doing it.
The attack codes they use today are largely more clandestine versions of what security professionals have been battling for some time: application and operating system exploit code, traffic sniffers, bots, Trojans – whatever works to achieve the designed goal, whether that is exfiltration of information, disrupting system access, conducting medical identity theft, or stealing financial account info and intellectual property.
Advanced malware attacks are no longer rare; they are the norm
In Bitdefender’s interviews with incident response teams and CISOs, it’s clear that more and more organizations today are dealing with custom or advanced malware somewhere on their networks.
Most consider it either inevitable that they will be breached, or assume that they are always breached and protect systems and networks accordingly. The ability to detect and respond to breaches is what will set organizations apart from those who are not able to quickly spot incursions and mitigate breach damage.
Unfortunately, the fact is that most organizations still don’t have the ability to respond to successful breaches or malware infestations. Most simply wipe infected endpoints, install what they hope is a clean image, and send the system back out to the front lines.
The problem is that the root cause is never uncovered. So what actually occurred remains unknown and they don’t learn what, if anything, the target of the attacker may have been. And if any data were stolen, any such evidence was likely wiped with the fresh install.
Nothing about this outdated approach is particularly helpful. The enterprise never finds the infection vector in the attack, and they move on, hoping they've plugged the breach. Conversely, the information gathered from a breach investigation will detail whether an attack was successful, how successful it was, what the motivation may have been, how the malware functioned, and all of the associated information that would be useful to protect the organization in the future.
Why have enterprises not done better with responses?
One reason is that incident response is difficult, and the benefits are hard to quantify, making it difficult to justify amidst all of the daily fires the security teams have to extinguish.
But one of the biggest reasons why effective response isn’t attained by many organizations is that it requires considerable collaboration among teams outside of security groups. It can involve application owners, developers, corporate communications and PR, operations, business leaders, legal, human resources, and more. If these groups don’t know how to work together in advance, they certainly won’t be able to work together in the heat of an emergency.
What does it take to build a capable incident response program?
It starts with having the right tools and skills to identify and analyze the breach. But it requires more than just that. An enterprise can have great tools and great people who know how to use them – but without the right plans and processes in place, they won’t be able to sustain their efforts in the long run.
When dealing with a breach that is mandated to be reported publicly, it’s going to require those teams mentioned above to know the data breach drill. If you want to learn more ways to defend your company against malware breaches, check out BitDefender in the ConnectWise Marketplace.
This post was contributed by internationally-recognized information security and business technology writer, George V. Hulme.