Why antivirus isn’t enough to protect your business against ransomware

October 30th, 2019

What is antivirus?

Antivirus is the software you install onto all machines networked in your business, and any other devices staff use to access work-related information. There are several antivirus providers, and you can choose the level of protection they provide. Free versions are available, but not recommended for businesses.

Antivirus needs to be updated regularly, so if you see a pop-up reminder, don’t put it off. New malware and viruses are created constantly, and if you want to protect your systems adequately, you need to make sure your solution is as up to date as possible.

What is ransomware?

Ransomware is one type of malware (malicious software) that cyber criminals use to exploit vulnerabilities and weaknesses in your IT systems and compromise your data. The effects of a ransomware attack can be devastating, particularly to a small business.

The hacker will encrypt the data on your computer or network or lock access to it in some way. They will then demand payment for the release of your information. Once ransomware has taken hold, you’ll be notified and then given instructions on how to retrieve your data.

Ransomware can be installed or downloaded onto your computers in several ways – an email attachment, a third-party drive (such as an employee’s memory stick), links to infected websites or downloads.

Alternatively, more sophisticated ransomware can trick users into giving administrative access to folders and drives. However, it doesn’t always need anyone within the company to do anything – it can also exploit security holes. Hackers can also pretend to be from a government authority or the police, claiming to be closing down illegal activity.

It’s worth remembering that the cyber criminal is the only person who has the decryption code. The amount requested to restore your data can range from a few hundred to a few thousand pounds, and there’s no way of working out why they’ve chosen to target you.

How does antivirus help?

Antivirus software regularly scans your systems, devices, software and drives for anything out of the ordinary. It spots malware or unusual patterns which could be an indication of something malicious.

It can monitor how everything is functioning, and you can manually request it to scan, as well as scheduling regular checks. Antivirus is also able to remove or neutralise the threats it identifies.

Some antivirus products can also scan external sources, such as websites and application downloads or updates. Finally, it protects your data to prevent ransomware from restricting access, as we’ve mentioned, or to reduce the risk of data or identity theft.

The increase in BYOD (bring your own devices) means there are more endpoints introduced into a company than ever before, and these can be hard to track and monitor. More advanced antivirus solutions use artificial intelligence which relies on machine learning to detect threats - the machines use data mining to classify whether a file is malicious or not.

Ways that antivirus works and what you should look for

Signature-based detection, which requires the software to recognise and store the ‘signature’ of a file, is less effective now, as hackers can morph the virus so that it encrypts itself and so avoids detection.

Viruses can be adapted or mutated, causing multiple versions with slight differences, which are known as variants. It can be quicker to identify which family the strain has come from rather than the virus itself. Detecting the generic signature that indicates the family is known as heuristics.
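The difference between an exact signature, a generic family signature and a self-encrypted file can be seen in a few lines of Python. This is an added example, not code from any antivirus product; the byte strings, the family name and the marker are constructed and inert.

```python
import hashlib

# Constructed, inert byte strings standing in for files; none is real malware.
FAMILY_MARKER = b"DEMO-FAMILY-ROUTINE"              # fragment shared by one family
original = b"HDR1" + FAMILY_MARKER + b"payload-A"   # sample the vendor has seen
variant = b"HDR2" + FAMILY_MARKER + b"payload-B"    # same family, slight differences
packed = bytes(b ^ 0x5A for b in original)          # copy that has encrypted itself
clean = b"HDR1 quarterly report text"               # ordinary file

# Exact signatures: hashes of whole files already seen.
KNOWN_HASHES = {hashlib.sha256(original).hexdigest()}
# Generic signatures: a byte pattern that identifies the family.
FAMILY_PATTERNS = {FAMILY_MARKER: "DemoFamily"}


def scan(data: bytes) -> str:
    """Return the verdict of a static scan: exact signature first, then family."""
    if hashlib.sha256(data).hexdigest() in KNOWN_HASHES:
        return "known sample"
    for pattern, family in FAMILY_PATTERNS.items():
        if pattern in data:
            return f"variant of {family}"
    return "no static match"


if __name__ == "__main__":
    for name, data in [("original", original), ("variant", variant),
                       ("packed", packed), ("clean", clean)]:
        print(f"{name:9} {scan(data)}")
```

The self-encrypted copy and the ordinary file get the same verdict from the static scan, which is the gap the other detection methods have to cover.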

An alternative form of detection is behaviour analysis. The software scans the file or application to look for anything out of the norm, suspicious or unapproved. Often, the scan identifies potential risks before anything happens.

The scan also looks at the structure and code of the file to spot anything that could cause damage. For example, if the act of opening a PDF document opens communications with an external server, this means there’s a virus in the system - PDFs do not behave in this way.
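The PDF example above can be written as a behaviour rule over process events. This is an added sketch, not taken from any product: the process names, event format and addresses are constructed, and the internal network ranges are an assumption. It also covers the case where the viewer starts a helper process that makes the connection instead.

```python
import ipaddress

DOCUMENT_VIEWERS = {"pdfviewer.exe"}   # hypothetical process name
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed events: (pid, parent_pid, image, action, target)
EVENTS = [
    (100, 1, "explorer.exe", "start", ""),
    (200, 100, "pdfviewer.exe", "start", "invoice.pdf"),
    (200, 100, "pdfviewer.exe", "file_read", "invoice.pdf"),
    (200, 100, "pdfviewer.exe", "net_connect", "203.0.113.10"),
    (300, 100, "browser.exe", "start", ""),
    (300, 100, "browser.exe", "net_connect", "198.51.100.7"),
    (400, 200, "helper.exe", "start", ""),
    (400, 200, "helper.exe", "net_connect", "203.0.113.10"),
    (200, 100, "pdfviewer.exe", "net_connect", "192.168.1.20"),
]


def is_external(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def find_alerts(events):
    """Flag external connections made by a document viewer or any of its descendants."""
    parent, image, alerts = {}, {}, []
    for pid, ppid, img, action, target in events:
        parent[pid], image[pid] = ppid, img
        if action != "net_connect" or not is_external(target):
            continue
        cur, seen = pid, set()
        while cur in image and cur not in seen:   # walk up the process tree
            seen.add(cur)
            if image[cur] in DOCUMENT_VIEWERS:
                alerts.append((pid, img, target, image[cur]))
                break
            cur = parent[cur]
    return alerts


if __name__ == "__main__":
    for pid, img, target, viewer in find_alerts(EVENTS):
        print(f"ALERT pid={pid} {img} -> {target} (lineage includes {viewer})")
```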

Your AV solution should be doing a mixture of these.

Why antivirus alone isn’t enough

Antivirus is useful because it scans your drives and matches up to known file types. However, as malware gets more sophisticated, it quickly becomes unrecognisable and therefore undetectable to most antivirus scans.

Antivirus catches a lot of the generic viruses, ransomware and other malware hackers use to attack servers.

But to ensure you’re fully secure, you need to invest in a multi-layer approach to cyber security.

Think of it like bulletproof glass – it’s only slightly thicker than ordinary glass, but it's made up of lots of layers with film in between, so the bullet should get caught somewhere. Your cyber defences should do the same.

This is done by many layers of protection:

Email protection

Traditionally, spam filters removed offers of Viagra and Russian women, but developments in technology now call for a full email protection system. Your mail protection needs to prevent spoofing attacks, remove viruses and monitor both inbound and outbound mail traffic, while giving the user easy control over their mailbox.

Firewall including unified threat management

A firewall monitors all internet traffic and blocks it if required. It needs to be regularly updated so that it is aware of the latest risks. It will prevent access to infected websites or applications. As traffic is monitored, management teams can report on internet usage by an employee.

Internet / DNS protection

Internet protection will monitor traffic and websites visited in real time at all times, no matter where the device is. So if your staff are using their laptops at home or in a café without a firewall, they are protected from web attacks.

Training and policy

The final layer of glass is user education, as in most companies, the user is possibly the weakest link in the chain. In today’s ever-changing, fast-paced world, we are always on call to respond to emails no matter what we are doing or what the time of day. When we are under this kind of pressure, that’s when links or malicious content are easily clicked.

Users need to be made aware of the sort of threats cyber criminals are using to target your business every day, as most employees are blissfully unaware of how their actions can put the company at risk.

You should also consider what you will do when one of these layers detects something. Do you have a team who can respond quickly and efficiently to stop the threat? Managed detect and respond services will do this for you and we’ll cover them in an upcoming blog.

What if everything fails?

Would you stand behind bulletproof glass and be shot at? What if there is a new bullet in the gun that’s diamond-tipped? The chances are the glass will stop it; however, there is still a risk, and we want to reduce that to a minimum.

If everything else fails, a business continuity solution will save you. Think of it as a safety net. The best business continuity solutions will back up regularly to onsite and cloud-based backups. This allows you to continue running even if your servers are unavailable, and to restore data after an attack, ensuring minimal downtime and in turn protecting your business and brand.

Choosing the right multi-layered solution can be daunting, so speak to your IT department or external support partner. Our team are always on hand to help you look at the options.