3 reasons why cybersecurity fails
How businesses and home users can make improvements to protect themselves
The number of stories in the mainstream press about the devastation that hackers cause is proof enough as to who has the upper hand in the cyber war today. But there is still plenty that people can do to increase their protection by understanding the common failure points.
Clicking on links
It’s nearly twenty-five years since the likes of Melissa and I Love You hit the inboxes of millions of people, but persuading a person to click on a link is still a favourite trick of hackers. The only aspect that has changed is the payload. Most bad guys today are more interested in persuading people to give up their passwords or installing hidden software than spamming friends, colleagues and family with malware.
In an ideal world, anti-malware software will catch a malicious attack before it takes hold, but with hackers becoming ever more creative at dodging detection, user vigilance and education also play a part.
The large majority of ransomware attacks start with a phishing email and a malicious link or attachment. Once clicked, it may take the user to a fake site and persuade them to give up their credentials. Or it might install a Trojan downloader that then calls on another server to download something else.
Businesses that have a focused education programme, as opposed to just sending out alerts to users that are frequently ignored by busy departments, can help to mitigate the risk of a hacker gaining a foothold in their systems.
That risk can be reduced further by restricting access to certain software programs or specific functionality, such as macros, to only those users who have a specific business need.
- Read more about the anatomy of a ransomware attack on page 12 of SE Labs 2023 Cyber Threat Intelligence Report
- Home users may appreciate SE Labs Bluffer’s Guide to Home Cyber Security for more tips and tricks on how to protect themselves and their friends.
Neglecting to patch systems
“Patch systems immediately” always sounds like easy advice, but for complex networks keeping up to date with patches can be a Herculean task. And patching throughout the network is important because with ransomware attacks, it isn’t as simple as just getting someone to click on a link. That is only the beginning. The full attack is a chain of events with several steps to get the attacker to the relevant endpoint before they run the ransomware code.
In some cases, a successful attack occurs not just because one system hasn’t been patched, but because several haven’t. Businesses that improve cyber hygiene by prioritising patching not only help to mitigate the risk of a ransomware attack, but also fix all sorts of other cyber security issues.
However, it is still possible that some systems can be compromised by a zero-day exploit that is either freely available or (increasingly likely these days) for sale. In such cases, reliable endpoint detection and response technology is paramount. Endpoint security that detects only known threats is not enough.
- Listen to the Cyber Security Decoded podcast where Jeremy Kirk of the Ransomware files discusses more about patching with Simon Edwards. Click on the chapter called ‘Zero days and patching’.
Relying on fake or unreliable advice in choosing security software
While established professional testers don’t always agree with each other, they use scientific methods to check that anti-virus software works properly. If they all agree that certain products are strong, users can be confident in choosing them.
But less rigorous reviews on the internet can be very misleading.
Some reviews are created by enthusiasts or journalists. Others are created by businesspeople who make money promoting anti-virus products and earn a commission when they sell one. Some reviewing organisations are even run by security companies that sell anti-virus products. An inferior product may lead to malware not being detected in time to save the user from potential disaster.
The best way to choose an anti-virus product is to check the reviews from well-known scientific testing organisations. Then consider the products that performed the best over a period of time, and which have features you personally care about. Price should also be a major consideration.
- Read more about making the right choice here.