Computer security is an on-going project. This is true no matter how good you think your security is. A once a year audit will only take a snapshot of the level of security at that particular point in time. The cyber threat landscape, however, is constantly evolving, becoming ever more sophisticated and consequently, our response to it must evolve too.
Alex Dean of Stackhouse Poland pointed out in his recent Boomerang blog contribution, Cyber and Data Security, that he’d received five emails from recruitment agencies that had suffered a data breach within the previous ten days. He explains how recruiters make ideal targets for Black Hats (hackers) because of the nature of the data they are required to hold. However, Alex has been encouraged by recruiter’s response to GDPR compliance, and also states recruiters are generally ahead of the curve when it comes to data security.
This may be true, but unfortunately, our experience has shown it’s still not enough – as demonstrated by the five agencies who emailed Alex regarding breaches. So, why did it happen? Probably because they were under-informed and unable to maintain a finger on the pulse of the complex cyber world. Recruiters are not alone in this respect. After all, unless you’re a cybersecurity expert, the main purpose of your business is not keeping up to date with the latest threats!
The main issue we’re finding is companies are still relying on AntiVirus alone to protect their data, and this is simply not enough.
AntiVirus will only protect you from known threats. Black Hats are now increasingly using innovative, previously unknown ways of accessing your data. AntiVirus works by looking for known malware, including viruses, worms and trojans, and their variants, and checking for familiar files (Word, Excel, etc.,) displaying unfamiliar signatures – signatures Word files shouldn’t be presenting. These signatures are an indication the files have been infected. AntiVirus spots these signatures and quarantines and kills the file, taking the malware with it. All great, as long as there’s malware to find.
Often now, though, Black Hats are using intrusion methods to hijack embedded programmes. This means, rather than installing malware; they use these programmes to issue commands that allow the hackers access to the rest of the network. AntiVirus cannot detect this type of attack, because the programmes themselves still ‘appear’ normal when AntiVirus scans them. It is the behaviour that is unusual, i.e. hackers will instruct a computer terminal to send your data to another computer somewhere in Russia or China, etc. AntiVirus CANNOT detect behaviour. So, if you’re relying on AntiVirus, you’re defenceless against this type of attack. This is the type of attack that can crash your systems or lock you out of them in a matter of minutes. In fact, the average amount of time to take down an entire network is just 22 minutes. It could take days to get it back – if you even can.
AntiVirus protects against known threat but cannot protect you from the unknown ones – those can only be picked up by sophisticated anti-hacking software.
If you’d like to learn how you can protect your systems from just 50p per computer per day, talk to me or one of the team at Westtek Solutions. Your cyber insurance company will love you for it!
WESTTEK SOLUTIONS, THE COMPLETE IT MANAGED SERVICES PROVIDER
Every business needs a proactive cybersecurity specialist and technology success partner offering strategic consulting and technical support services. In order to help you maximise productivity within your business, contact Westtek Solutions on 020 3195 0555.
We make sure your technology works for your business and not the other way around.
We work with Recruitment business owners and directors who have become frustrated with high levels of interruption to their IT services, causing a loss of profitability and unnecessary stress.