As the threat of cyber incidents becomes increasingly pervasive for businesses, an effective business cybersecurity policy becomes more crucial than ever. Robust security relies on what the cybersecurity industry calls “defense in depth” — a multilayered security approach that uses a range of tools to help thwart different incident types at various stages. Antivirus software is a core element of these defense tools.
Antivirus software can protect businesses from many malicious attacks, including viruses, worms, Trojans and ransomware. However, antivirus software alone isn’t enough to secure your devices from hackers and provide comprehensive protection.
We’ll examine antivirus software, its limitations, and the steps businesses must take to maximize security.
While most antivirus software is still called “antivirus,” the best solutions have evolved and can more accurately be called anti-malware software. The best antivirus software can detect and block multiple types of malicious software (malware), including viruses, Trojans, worms, spyware, adware and rootkits. This software provides real-time and scheduled protection, allowing businesses to set full system scans at specific times along with round-the-clock protection.
Antivirus software detects malware in two ways:
In general, sophisticated antivirus solutions include both signature and heuristic-based capabilities.
Security system complexity can lead to alert fatigue — excessive security alerts that take a toll on IT staff and overall business security.
There is no shortage of antivirus software, and deciding between providers can be overwhelming. At a basic level, most sophisticated antivirus providers have products that share fundamental signature-based detection capabilities. However, when it comes to additional protection levels and other add-ons, some software providers offer better packages than others.
Businesses should look for the following features before purchasing antivirus software:
Beyond core antivirus functions, businesses should also look at extra features that may be included in a bundle. Some antivirus software comes with the following:
While none of these features are required for an antivirus solution to work, they help protect against other threats. For example, compliance fines can be debilitating for businesses that accidentally fall afoul of regulations. Similarly, email security can help protect users against phishing attacks, which continue to be a route attackers use to gain access to an organization and cause data breaches.
While antivirus software is crucial to a business’s security strategy, it has limitations. Antivirus software can’t defend against — or can only partially contain — a range of threats, including the following.
Antivirus software can’t protect a business from insider threats, including employee-driven cyberattacks, employee fraud, and outsiders infiltrating systems via compromised employee accounts.
“Antivirus is a good and necessary protection but is only part of a security solution,” said security consultant David Swift. “The facts show that a determined attacker will get in, and that a vast majority of the losses are going to come from external attackers using legitimate — but compromised — credentials.”
Instead of relying on antivirus software alone and watching out for malware, businesses should also monitor employee behaviors and accounts, Swift advised.
“The era of insider threats or threats from compromised accounts is here,” Swift noted. “Companies must look beyond signature-based security tools and look at user activity for bad behavior. It may be the trusted insider [or] a harvested account used by a bad guy, such as in identity theft and stolen credit cards.”
Antivirus software can’t protect network systems from compromised devices. In the bring your own device (BYOD) age, unprotected computers, tablets and smartphones can infiltrate and infect protected systems.
“Antivirus, antispyware, and firewalls are solutions that users first think of to minimize [the] risk of cyberattacks from the endpoints in their network,“ said Carmine Clementelli, former network security product manager at business technology solutions company PFU Systems. “However, there are a few considerations to think about. First of all, what if the network is accessed by devices that aren’t protected?”
For example, say an employee brings their personal device — with no installed antivirus protection — to work and connects it to the corporate Wi-Fi network. If their device was compromised, they’ve now made the entire network vulnerable to infiltration.
For this reason, businesses must strive to minimize risk and protect their systems.
“Mobility and BYOD in the modern era require a new approach that is obligating businesses to adopt network visualization technologies,” Clementelli said. “This will allow them to know who and what is on the network and to control their network access.”
Even if systems have antivirus software, they’re not immune to advanced persistent threat (APT) attacks. In APT attacks, highly advanced attackers — typically those with substantial financial backing or who may work for a government — infiltrate an organization’s networks. An APT typically maintains a long-term presence on an infiltrated network to steal intellectual property or sensitive client or user data.
APT attacks focus on stealth; attackers typically launch operations using targeted phishing campaigns to steal login credentials. After attackers gain network access, they’ll try to broaden their reach while remaining undetected. In such cases, attackers will try to use legitimate tools within compromised machines to maintain as much stealth as possible.
If the APT uses legitimate tools and credentials, antivirus software won’t detect anything amiss. Eventually, an APT may deploy malware known as a Remote Access Trojan (RAT).
“With a RAT, the intruder outside a network remotely operates an infected PC within a network to collect internal data,” Clementelli warned. An RAT may infiltrate the network in advance through an email message but does not immediately begin the attack.
“Afterwards, when the attack begins, the content of the communications does not contain malware itself, and the traffic associated with the remote operations is almost always encrypted,” Clementelli explained. “This activity is difficult to discover using conventional antivirus software or unauthorized intrusion-detection systems.”
In addition to undetected malware, unknown malware can also bypass antivirus solutions. The sheer amount of malware that is created and distributed daily makes it virtually impossible for antivirus solutions to protect against them all.
“We’re literally being bombarded by new malware to the tune of 200,000 new malware each and every single day, and that’s on a good day,” said Pierluigi Stella, chief technology officer at managed security services firm Network Box USA. “During an outbreak, we see that number escalate, sometimes close to 1 million.”
This massive bombardment is because it’s easier than ever for hackers to launch attacks. They can create viruses automatically — with thousands of variations — and use efficient and rapid distribution networks. In comparison, it can take an antivirus company several hours to detect and fix malware.
To combat this disconnect, antivirus companies are finding new ways to protect systems, including cloud-based databases of malware signatures — an algorithm that specifically identifies individual viruses — and methods that detect malware without signatures.
For businesses, this means finding antivirus software or providers with zero-day initiatives, aiming to catch malware no one has seen before without any currently available protections.
“Catching the zero-day malware is where the industry’s headed,” Stella said. “Sandboxing, behavioral analysis, pattern recognition, etc. are all expressions describing some of the methods companies are using to spot the next ‘zero day’ before it causes damage. Many such methods are plagued with false positives, but a false positive is far more acceptable than a false negative [where unknown malware] then enters your network and causes havoc.”
Antivirus software can help provide businesses with a solid security layer; however, it’s not enough for comprehensive business security. In addition to antivirus protection, businesses should institute proactive cybersecurity policies with additional tools, best practices and security architecture.
Businesses should consider implementing the following:
Managed services providers. Additionally, businesses that lack technical expertise on staff may find it helpful to work with a managed services provider (MSP). MSPs can help a business establish and implement cybersecurity policies, including ZTA, while also setting up additional security tools, including firewalls, intrusion-detection systems, and antivirus software if it’s not already in place.
Cyberattack costs may be insurmountable for a small business. It’s crucial to pair antivirus protection with employee education, firewalls, intrusion-detection systems, strong passwords, multifactor authentication and more.
Although antivirus software can’t completely protect a business’s systems, these solutions are still necessary.
“Despite the prevalence of zero-day, there’s still a huge number of very well-known and maleficent viruses that your antivirus can stop,” Stella said. Consider conducting online research to compare various antivirus solutions — and look beyond the big names. “There are plenty of other companies that are doing better and deserve a chance,” Stella noted.
Businesses should also ensure their antivirus software is running at its optimum level.
“Don’t ditch that old AV just yet,” Stella advised. “Rather, keep it up to date and keep it running. This way, at least you’re protected from the ‘known’ stuff. It’d be silly to be attacked by something that can be stopped so easily.”
Better yet, see if your old antivirus system is ready for an upgrade. A new, comprehensive antivirus tool could be the precise complement your overall cybersecurity posture needs.
Sara Angeles contributed to the reporting and writing in this article. Some source interviews were conducted for a previous version of this article.