SE Labs

Special Edition
Computer security testing comment and analysis from SE LABS Ⓡ

3 reasons why cybersecurity fails

How businesses and home users can make improvements to protect themselves

The number of stories in the mainstream press about the devastation that hackers cause is proof enough as to who has the upper hand in the cyber war today. But there is still plenty that people can do to increase their protection by understanding the common failure points.

Clicking on links

It’s nearly twenty-five years since the likes of Melissa and I Love You hit the inboxes of millions of people, but persuading a person to click on a link is still a favourite trick of hackers. The only aspect that has changed is the payload. Most bad guys today are more interested in persuading people to give up their passwords or installing hidden software than spamming friends, colleagues and family with malware.

In an ideal world, anti-malware software will catch a malicious attack before it takes hold, but with hackers becoming ever more creative in dodging detection, user vigilance and education also play a part.

The large majority of ransomware attacks start with a phishing email and a malicious link or attachment. Once clicked, the link may take the user to a fake site that persuades them to give up their credentials. Or it might install a Trojan downloader that then calls on another server to download something else.

Businesses that run a focused education programme, rather than just sending out alerts that busy departments frequently ignore, can help to mitigate the risk of a hacker gaining a foothold in their systems.

Protection can be increased further by restricting access to certain software programs or specific functionality, such as macros, to only those users that have a specific business need.

Neglecting to patch systems

“Patch systems immediately” always sounds like easy advice, but for complex networks keeping up to date with patches can be a Herculean task. And patching throughout the network is important because with ransomware attacks, it isn’t as simple as just getting someone to click on a link. That is only the beginning. The full attack is a chain of events with several steps to get the attacker to the relevant endpoint before they run the ransomware code.

In some cases, a successful attack occurs not because one system hasn’t been patched, but because several haven’t. Businesses that take steps to improve cyber hygiene by prioritising patching not only help to mitigate the risk of a ransomware attack, but also fix all sorts of other cyber security issues.

However, it is still possible that some systems can be compromised by a zero-day exploit that is either freely available or (increasingly likely these days) for sale. In such cases, reliable endpoint detection and response technology is paramount. Endpoint security that detects only known threats is not enough.

Relying on fake or unreliable advice in choosing security software

While established professional testers don’t always agree with each other, they use scientific methods to check that anti-virus software works properly. If they all agree that certain products are strong, users can be confident in choosing them.

But less rigorous reviews on the internet can be very misleading.

Some reviews are created by enthusiasts or journalists. Others are created by businesspeople who make money promoting anti-virus products and earn a commission when they sell one. Some reviewing organisations are even run by security companies that sell anti-virus products. An inferior product may lead to malware not being detected in time to save the user from potential disaster.

The best way to choose an anti-virus product is to check the reviews from well-known scientific testing organisations. Then consider the products that performed the best over a period of time, and which have features you personally care about. Price should also be a major consideration.


About

SE Labs Ltd is a private, independently-owned and run testing company that assesses security products and services. The main laboratory is located in Wimbledon, South London. It has excellent local and international travel connections. The lab is open for prearranged client visits.

Contact

SE Labs Ltd
Hill Place House
55A High Street
Wimbledon
SW19 5BA

info@selabs.uk