SECURITY
INDUSTRY WATCH
Malware's growing threat to businesses.
Malware is a catch-all term that encompasses viruses, worms,
Trojan horses, phishing, pharming and other similar threats.
Malware is a contraction of "malicious software". You have probably
noticed that in technology there is a contraction or an acronym
for everything.
So, what is the impact of malware?
A surprising number of organizations have less than adequate coverage
with anti-virus software on workstations. Fewer still have installed
anti-spyware software.
When killer viruses and worms sweep through organizations, often
the response is to get anti-virus software installed and updated
on all user workstations, but after the pain is forgotten, anti-virus
becomes a lower priority, and slowly the defenses fall into disarray,
leaving the organization vulnerable to another strike.
Some important trends are making diligence against malware more
important than at any time in the past.
-- Malware is becoming more sophisticated than ever before. Many
new viruses and Trojans actually disable anti-virus programs
and Microsoft Automatic Updates. Others install "key loggers" (see
the "term of the month" below), and still others
search for bank account information and relay it back to the
hacker's hideaway.
-- A growing percentage of spam e-mail contains malware, making
it more likely for the curious to introduce malware onto their
workstation, and possibly into the rest of the organization.
-- More and more malware is being written not by teenagers,
but by professionals who are part of organized crime rings. Organized
crime goes where the money is, and they have discovered that
there is money to be made through malware and scams. For organized
crime, this is a low-risk, high-reward venture.
-- Malware is increasingly being targeted at specific organizations,
in order to obtain specific information such as customer data,
financials, etc., for industrial espionage, extortion, or theft
purposes.
The next section in this newsletter discusses a multi-faceted
strategy for protecting against malware.
BUILDING YOUR INFORMATION SECURITY PROGRAM
Part of a multi-part series
Part 5, Protecting Against Malware
The threat of malware has never been greater than it is today,
and even the most conservative estimates indicate that the
malware problem will become much worse in the future.
What can an organization do to protect itself? The answer:
plenty.
We suggest a strategy
that encompasses both technology and people.
On the technology front, we recommend that several measures
be taken, including:
-- Every workstation should have anti-virus software that
is configured to get virus list updates at least once per
day, and scans once per week. All workstations should have
the same brand and version of anti-virus software, which
will drive down the cost of software and greatly simplify
support.
-- Every workstation should have anti-spyware software that,
like anti-virus software, is configured to update itself
daily and scan weekly. As with anti-virus software, all workstations
should have the same brand and version of anti-spyware.
-- Every file server, application server, and print server
should have anti-virus software and anti-spyware software.
-- If your organization uses a Microsoft Exchange or other
central mail server, the mail server should have the type
of anti-virus software that is specially designed to work
with the mail server.
-- You might also consider blocking access to web-mail servers
that do not scan for viruses in downloaded attachments.
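
The workstation and server measures above can be checked against an inventory export. The following is an added example, not part of the original newsletter: the CSV layout, host names and product names are constructed, and the "fleet standard" is assumed to be the most common brand and version found.

```python
import csv, io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample inventory export (hypothetical hosts and product names).
SAMPLE = """host,av_product,av_version,sig_updated,last_scan,antispyware
ws-001,ExampleAV,9.2,2024-05-14T06:00,2024-05-12T01:00,yes
ws-002,ExampleAV,9.2,2024-05-10T06:00,2024-05-12T01:00,yes
ws-003,ExampleAV,8.7,2024-05-14T06:00,2024-04-30T01:00,yes
ws-004,OtherAV,3.1,2024-05-14T05:00,2024-05-13T01:00,no
fs-001,,,,,no
"""

MAX_SIG_AGE = timedelta(days=1)    # virus list updates at least once per day
MAX_SCAN_AGE = timedelta(days=7)   # scans once per week

def audit(csv_text, now):
    """Return (fleet standard, {host: [policy gaps]}) for an inventory CSV."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    # Assumption: the standard is the most common (brand, version) in the fleet.
    standard = Counter((r["av_product"], r["av_version"])
                       for r in rows if r["av_product"]).most_common(1)[0][0]
    findings = {}
    for r in rows:
        issues = []
        if not r["av_product"]:
            issues.append("no anti-virus installed")
        else:
            if (r["av_product"], r["av_version"]) != standard:
                issues.append("non-standard AV %s %s"
                              % (r["av_product"], r["av_version"]))
            if now - datetime.fromisoformat(r["sig_updated"]) > MAX_SIG_AGE:
                issues.append("signatures older than 1 day")
            if now - datetime.fromisoformat(r["last_scan"]) > MAX_SCAN_AGE:
                issues.append("no scan in the last 7 days")
        if r["antispyware"].strip().lower() != "yes":
            issues.append("no anti-spyware installed")
        if issues:
            findings[r["host"]] = issues
    return standard, findings

if __name__ == "__main__":
    std, report = audit(SAMPLE, now=datetime(2024, 5, 14, 12, 0))
    print("fleet standard:", *std)
    for host, issues in report.items():
        print(host, "->", "; ".join(issues))
```

Running a check like this on a schedule is one way to notice the slow drift described earlier, where coverage lapses once the last outbreak is forgotten.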
On the people front, we recommend that you put together
a formal security awareness program in your organization
that includes the following:
-- Educate your users to make sure that they thoroughly
understand the spam, spyware, and malware threat. Instruct
them not to open attachments from people they do not know,
nor attachments in out-of-character messages from people they do know.
Similarly, users should not visit web sites indiscriminately,
especially those cited in spam messages.
-- Consider policies that forbid users from using personal
webmail such as Yahoo or Hotmail. Handle this carefully,
as employees who are disciplined will keep such usage to
a minimum, and the bigger webmail vendors such as Yahoo have
good anti-virus mechanisms.
-- Also consider policies that forbid those popular "thumb
drives" (also known as USB drives or flash drives),
and also iPods, digital cameras, other MP3 players and similar
devices. Not only can malicious code sneak into an organization
through these devices, but they can also be used by disgruntled
employees to spirit information out of the organization in
a way that is more difficult to detect.
When educating users on these matters, make sure that you
are not giving them the impression that they cannot be trusted;
instead, make sure that the emphasis is on the protection
of the organization's electronic assets. Stress how critical
these assets are, and cite examples of other organizations
that have suffered serious disruptions and even public embarrassment
because of malware attacks.
TERM OF THE MONTH
Key Logger: a software program that records all keystrokes,
and often mouse movements and clicks. The program contains
some mechanism for sending the captured data back to a central
location, where one or more persons examine it for valuable
information such as userids and passwords to financial service
institutions. Some key loggers can be virtually impossible
to detect, even by anti-virus software. This is because a few
key logger programs are used in legitimate matters such as
security investigations or even employee performance or quality
monitoring. Some of these programs are deliberately ignored
by anti-virus programs, but if misused, these nearly-invisible
programs can be used to illegally spy on individuals.
SUBSCRIPTION INFORMATION
Subscribe: newsletters/
Unsubscribe: newsletters/
Please allow 48 hours to process all subscription requests.
Contact us via e-mail at info@vantagepointsecurity.com or
call us at 425.454.5455.