Controls against malware

A three-pronged approach should be taken against one of the banes of Information Security. According to the Verizon 2016 Data Breach Investigations Report, 80% of all logical attacks are external, the major driver is financial, and the two main breach types are malware and hacking.

The first line of defense should be the users: awareness of security procedures, so that users do not open attachments without first making sure they are not malicious, and do not click links in emails or visit websites that could load viruses, Trojans or sniffers onto their devices. Consider blacklisting known bad sites, or whitelisting and dealing with the fallout.

The second line should be control of access to systems, restricting how users connect removable media or other devices to networks, to prevent the introduction of unchecked material. A USB stick has been anywhere and everywhere and could introduce anything and everything onto your secure networks unless you take action to mitigate this risk. A recent Sophos survey found that people were willing to plug in a USB stick they had simply found.

Thirdly, run malware detection and anti-virus software on the network, checking both the files being processed and those introduced via email and similar routes. Application controls also make a great mitigation tool: email attachments are downloaded with macros turned off, and any deviously renamed file that appears as invoice.txt but is really invoice.txt.js is opened by default in a script editor rather than your favourite browser. You could also consider only forwarding attachments to users from known senders, though users should still be made aware of spoofed emails.
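The attachment-naming trick above (a script file dressed up as invoice.txt) is something a mail gateway or endpoint agent can screen for before a user ever sees the file. The following is an added example, not code from the original article: a small Python filename policy that quarantines executable or script attachments, flags the deceptive "decoy.ext.js" double-extension pattern including the padded-with-spaces variant, and routes macro-capable Office files to a macros-off open. The extension lists and the three verdict actions are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Extensions that Windows or a script host will execute rather than display.
# (Constructed list for this example; tune to your environment.)
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "ps1", "msi"}
# Office formats that can carry macros; the advice above is to open them with macros off.
MACRO_EXTS = {"docm", "xlsm", "pptm", "dotm", "xltm"}
# Harmless-looking extensions commonly used as the decoy half of a double extension.
DECOY_EXTS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "html"}


@dataclass
class Verdict:
    filename: str
    action: str    # one of "allow", "quarantine", "open-macros-off" (assumed actions)
    reason: str


def check_attachment(filename: str) -> Verdict:
    """Classify an attachment purely by its name (content inspection is a separate layer)."""
    name = filename.strip().lower()
    # Collapse whitespace before a dot so "invoice.txt     .js" becomes "invoice.txt.js";
    # padding like this is used to push the real extension out of view in mail clients.
    name = re.sub(r"\s+\.", ".", name)
    parts = name.split(".")
    if len(parts) < 2:
        return Verdict(filename, "allow", "no extension")
    ext = parts[-1]            # the extension the OS will actually honour
    inner = parts[1:-1]        # any extensions sitting between the stem and the real one
    if ext in EXECUTABLE_EXTS:
        if any(p in DECOY_EXTS for p in inner):
            return Verdict(filename, "quarantine",
                           f"deceptive double extension .{inner[-1]}.{ext}")
        return Verdict(filename, "quarantine", f"executable attachment .{ext}")
    if ext in MACRO_EXTS:
        return Verdict(filename, "open-macros-off", f"macro-enabled document .{ext}")
    return Verdict(filename, "allow", f".{ext} is a data file")


if __name__ == "__main__":
    # Constructed sample attachment names, including the article's invoice.txt.js case.
    for sample in ["invoice.txt.js", "Invoice.txt     .js", "quote.xlsm", "report.pdf"]:
        v = check_attachment(sample)
        print(f"{sample!r:28} -> {v.action:16} ({v.reason})")
```

The check is deliberately name-only, so it is cheap enough to run on every message; it complements rather than replaces the anti-virus scan, which must look at file content (a renamed executable with a .pdf extension passes this filter and is caught only by content inspection).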

A policy should be constructed both to prohibit the introduction of unauthorised software and to protect against files or software from external sources. It should set out how protective measures are to be taken: procedures defining responsibilities for dealing with malware detection, the training required, awareness, the procedures required during maintenance or emergency circumstances when systems may be vulnerable, isolation in the event of detection, and recovery from any attack. Reference should be made to business continuity plans for recovery.

Network software and data should be reviewed. Unapproved files or amendments should be investigated and resolved as security incidents.

Computers should be scanned periodically and whenever new software is introduced; scans should include mail attachments, downloads and web pages.

Responsible employees should keep abreast of developments in malware in whatever way is considered appropriate. This should include verifying reported malware so that hoaxes are avoided, and making employees aware of the problem of hoaxes and how to treat them. A new trend in malware is ransomware, a particularly nasty creature which encrypts your data and only releases it if you pay the bad guys.