Malware is a big cyber threat to any business, big or small. An attack can be devastating to your systems and data, not to mention your brand reputation. Therefore, leaders must consider what level of protection is needed to defend against these threats and look at all elements of their cyber essentials plan.

What is malware?

Malware is short for malicious software - things like computer viruses, worms, spyware, and ransomware. Their purpose? To infiltrate a computer system without the owner's informed consent and with the aim of making money illegally through fraud, extortion and identity theft.

The data backs up the idea that malware is absolutely a real and present issue for UK businesses, with reports that a quarter of UK organisations were victims of ransomware in the past year. SonicWall states that despite a decline in malware attacks, ransomware volume shot up by 195% in the first half of 2019 with the UK being the second most attacked country in the world.

The UK government is also helping businesses via the Cyber Essentials scheme, which has been set up to help organisations understand the nature of modern cybercrime. The scheme offers a clear-cut cyber security strategy to organisations of all shapes and sizes.

Anti-malware can help prevent malware attacks by scanning all incoming data to stop malware from being installed and infecting a computer. But there is more to the story, as anti-malware alone is not enough to offer full protection.

How does malware attack?

The most common way malware is installed on your device is through a phishing attack. An example of this is when you receive an email from someone pretending to be your bank or another trusted institution, asking you to open an attachment or click on a link. If you do click on that link, malware will attempt to install itself on your device.

Clicking on an advert that appears on a website or downloading software from a non-manufacturer approved source is another common way to infect a computer device with malware. Removable storage devices such as a USB stick can also bring a malware infection.

If you are hit by a malware attack presented as ransomware, you'll be prompted to pay a ransom to get your data back. But this threat is not to be trusted, as often the files are not decrypted after the ransom is paid. This is known as wiper malware. For these reasons, it's essential that you always have a recent offline backup of your most important files and data.

The different types of Malware

Oh, settle in and take a deep breath because there are quite a few! The list is quite extensive, which just highlights the importance of a well-rounded, fully planned strategy to protect your organisation.

Types of malware include:

  • Ransomware
  • Zero-day Attack
  • Computer Worm
  • Rootkit
  • Zip bomb
  • Backdoor
  • Logic Bomb
  • Pop-up Ad
  • Adware
  • Pharming
  • Dialer
  • Polymorphic code

Protecting your devices with Cyber Essentials

So, how do we protect important operating systems and devices?

At The Missing Link, we recommend five main defences, which are also the five main strategies recommended by Cyber Essentials accreditation.

Anti-malware software

Anti-malware software will monitor your device for any malicious activity, and if it finds anything, it will destroy it before it causes any harm.

Many operating systems have anti-malware already installed, but you absolutely cannot rely on this. You will need to ensure you have a system for applying anti-malware software, and this will include purchasing third-party malware protection software to be fully protected.

Sandboxing

Application sandboxing refers to a strategy of software development that isolates applications from other system resources and programs. By limiting the environments in which certain code can execute, you can prevent unauthorised access to other resources unless permission is explicitly granted by the user.

Application whitelisting

This allows you to manage a list of approved applications that are allowed to run. This is a good strategy because by creating a list of trusted applications and allowing only those apps to run on managed devices, you are adding an extra layer of defence.

Patching

Patching allows you to keep the software on computers and your network devices up to date, which then means your systems can resist low-level cyber-attacks.

Firewalls & Secure Configuration

Firewalls are a great defence as they can monitor incoming and outgoing network traffic and then decide if the traffic needs to be allowed through or blocked. Coupled with a secure configuration strategy, where certain security measures are implemented when building and installing computers and network devices, you can then be reassured that you are protected against unnecessary cyber vulnerabilities.

Protect your business

Want to know more about the Cyber Essentials requirements? Our team at The Missing Link can offer you the expertise and support needed to achieve Cyber Essentials certification or Cyber Essentials Plus certification.

For practical help with your certification and cyber security, please get in touch with our expert team at The Missing Link, or for more information about Cyber Essentials topics such as Secure Configuration, User Access Control or Patch Management, click here.

 


Author

Taylor Cheetham

Campaign Manager