Malware is an infection/virus that can coopt computers, devices, or network systems. A malware attack may proceed without the computer user’s knowledge of its existence. If left undetected, malware damage can cost organizations up to $2.6 million in remediation fees.
For what purposes do cyber criminals use malware?
Malware is typically employed by cyber criminals who have specific objectives.
- Cyber criminals deploy malware to pinch sensitive personal or corporate information, including bank account numbers, credit card details, or intellectual property related information. These details can be sold on the dark web (black market) for criminal financial gain.
- Cyber criminals also rely on malware for direct financial extortion of organizations. The type of malware used for extortion purposes is known as ransomware (link to ransomware page). Ransomware-based attacks can be extremely lucrative for cyber criminals.
- Malware can be used to mine bitcoins or other cryptocurrencies.
How can organizations protect against malware?
When it comes to malware, ensure that leadership, the IT department and other teams are following best practices.
For leadership: Best practices to prevent malware
- Learn how to recognize malware on your own devices. If you’re unaware that your device has malware on it, the malware could spread throughout your organization’s network.
- Ninety-four percent of malware is delivered via email. Check the details of the email sender before you share sensitive information. Cyber criminals may deploy tricks to impersonate others. Careful observation of the requester’s details can enable you to spot social engineering or trickery.
- Limit your attack surface. On your mobile device, do you have apps that you’re no longer using? Consider deleting them.
- Encourage your IT department to create a policy around sharing company information. A useful model is ‘if it’s not public knowledge, do not share it’.
For IT departments: Best practices to prevent malware
- IT departments must invest in tools that will protect your organization. Ensure that your organization implements various layers of malware protections, and other cyber security safeguards. These may include host intrusion detection system, and firewalls, among other tools.
- Regular patching and software updates are also essential.
- Implement access control via zero-trust policies. With zero-trust and administrative controls, malware will not be able to infect your system/s as easily as otherwise.
For non-technical teams: Best practices to prevent malware
- Dedicate resources to end-user awareness. Be sure that your organization provides employees with education around what malware can look like and who to contact with questions about suspicious computer activity. Online trainings and in-person workshops can assist with this endeavor.
For additional insights into the importance of cyber security safeguards and malware protections, visit Cyber Talk.