Comments from ESET following research suggesting “Businesses hit by malware every 3 mins”
In light of the research by FireEye suggesting that businesses are hit by malware every three minutes, David Harley provides some further insight and offers his advice on what else businesses can do to protect themselves.
“Spear-phishing is a somewhat ambiguous term. Targeted attacks can be a more efficient way of carrying out an attack on a business. Firstly, they make heavy use of social engineering as an entry point. As such, technical defences like spam filters and firewalls are less likely to pick them up. Secondly, malicious code is likely to be customised to a point where it isn’t so easily found by generic malcode detection such as passive heuristics, let alone by old-school static signature detection.
“Most malware is to some extent automated, both in the way it is generated and the way in which it is transmitted. Indeed, it can be very effective, but businesses tend to be better protected against it than many individuals. There is an increasing tendency for SCADA and ICS utilities to be targeted and the specialised ‘always-on’ nature of some of the equipment at such sites makes it harder to defend through security software, patching and so on.
“However, the best defences are multi-layered. This involves efficient updating and patching. It also means not relying on a single layer/security solution, such as a firewall or Intrusion Prevention System (IPS). Additionally, businesses can build up resistance to social engineering by educating staff on the ways to spot malware.”