Don’t Forget Viruses, the Computer Kind

Antivirus software and firewalls are the most widely adopted security technologies and have been so for years. They reduce risk but are taken for granted. Recent news in the non-tech world reminds us that media attention on the topic du jour is deleterious if it detracts from continuing efforts to address long-standing concerns. In other words, while emerging threats like nation-state cyberattacks and novel technology approaches like zero trust are worth addressing, don’t forget the efficacy of long-standing approaches to information security.
Only 2% of cybersecurity professionals expect an antivirus project to be their main focus regarding data breach protection, according to Cynet’s “State of Breach Protection 2020.” In that same study, 87% of enterprises use antivirus (AV) software, which usually fits into a broader anti-malware category that also addresses threats like worms, bots and ransomware. As previously reported, enterprises can become overconfident that they have the controls and technology in place to effectively manage security risks. Has this happened with anti-malware software?
While the AV market is passé and mature, security vendors have not necessarily been complacent. They continue to monitor for new threats and have embraced a broader category, endpoint detection and response (EDR), that combines elements of anti-malware with newer tools that provide real-time anomaly detection, forensic analysis and remediation capabilities. Unsurprisingly, EDR is poised for rapid growth. Although only 28% of the Cynet survey respondents use the technology, 57% said that EDR is the breach protection project they expect to concentrate on this year.
There are some indications that malware threats are abating. For example, the volume of malware attacks observed by SonicWall Capture Labs threat researchers actually declined 6% to a measly 9.9 billion. Furthermore, according to Google’s Transparency Report the number of websites suspected of distributing malware is at its lowest point since 2007. Unfortunately, this decline has been accompanied by a dramatic increase in websites that phish for personal information without requiring a visitor to download something.
It appears that the coronavirus pandemic has spurred an outbreak of malware and scams. This article was not meant to be a bait-and-switch. The overwhelming body of evidence is that malware continues to be a top security threat. Just because people don’t talk about antivirus anymore, does not mean that it isn’t needed. Even as we focus on cloud native security, the “health” of open source communities and software supply chain security, rest assured that The New Stack maintains a broad, historical perspective.

A computer virus injects malicious code into files and spreads within its host and potentially to other hosts. Most endpoint security products protect against this and several other types of malware. Source: O. Or-Meir, N. Nissim, Y. Elovici, L. Rokach, “Dynamic malware analysis in the modern era—A state of the art survey,” ACM Comput. Surv., vol. 52, no. 5, pp. 1-48, Sep. 2019.
More Data Points and Charts to Consider
- Holes in the Anti-malware Coverage: 28% of endpoints (e.g., laptop, mobile phone, server) either have outdated anti-malware/antivirus (21%) or don’t have this type of protection at all (7%). (Source: “2019 Endpoint Security Trends Report”, which analyzes data from devices at 12,000 organizations that have activated Absolute Software’s product.)
- Automation and AV: 74% of companies with anti-virus technology have fully automated their solutions. Does this lead to a lack of needed human attention? (Source: “2020 Ponemon Survey Report: Staffing the IT Security Function in the Age of Automation”, which surveyed 1,027 IT and IT security practitioners.)
- Email vs. Web: Despite the rise of cryptomining and security problems with the new WebAssembly implementations, 68% of malware attacks came via email. (Source: Check Point Software Technologies’ “2020 Cyber Security Report”). Also, 71% of IT decision-makers saw an attack where malicious activity was spread from one infected user to other employees. (Source: Mimecast’s “The State of Email Security Report 2019”, which surveyed 1,025 IT decision-makers.)
Feature image by S. Hermann & F. Richter from Pixabay.