Antivirus software can protect business systems from all types of malicious attacks, such as worms, phishing attempts, Trojans and other malware. Nonetheless, antivirus software isn't the only protection businesses need to stay secure. Cyberattacks can come from anywhere, with many designed to bypass antivirus software. To help you keep your business safe, here are some of the most common ways antivirus programs leave businesses vulnerable to cyberattacks.
One thing antivirus software can't protect you from are insider threats. This typically includes cyberattacks from employees and, often, outsiders infiltrating systems through compromised employee accounts.
"Antivirus is a good and necessary protection, but is only part of a security solution," said David Swift, principal architect at security intelligence platform Securonix. "The facts show that a determined attacker will get in, and that a vast majority of the losses are going to come from external attackers using legitimate — but compromised — credentials." [The Best Antivirus Software for Business]
Instead of relying on antivirus alone and watching out for malware, businesses should also monitor employee behaviors and accounts, Swift said.
"The era of insider threats or threats from compromised accounts is here," he said. "Companies must look beyond signature-based security tools, and look at user activity for bad behavior. It may be the trusted insider, like Snowden, or a harvested account used by a bad guy, such as in identity theft and stolen credit cards."
Antivirus also can't protect network systems from compromised devices. In the Bring Your Own Device (BYOD) age, unprotected computers, tablets and smartphones can infect protected systems.
"Antivirus, antispyware and firewalls are solutions that users first think of to minimize risk of cyberattacks from the endpoints in their network," said Carmine Clementelli, network security product manager at business technology solutions company PFU Systems. "However, there are a few considerations to think about. First of all, what if the network is accessed by devices that aren't protected."
For instance, employees bring their personal devices to work (or guests connect their devices to the network), which might not have an antivirus installed, and attach them to the corporate Wi-Fi, Clementelli explained. This means businesses have to take greater command in minimizing risk and protecting their systems.
"Mobility and BYOD in the modern era require a new approach that is obligating businesses to adopt network visualization technologies," Clementelli said. "This will allow them to know who and what is on the network and to control their network access."
Advanced persistent threats
Even if systems have antivirus software, they are not immune to advanced persistent threats (APT) — attacks in which malware maliciously employ programs so they can pass undetected. When this happens, businesses suffer immensely as APT causes enormous damage on the network.
A common example of APT is when malware is disguised as routine business communications, such as sending or receiving emails, but the most common type of malware today is known as a Remote Access Trojan (RAT), Clementelli said.
"With a RAT, the intruder outside a network remotely operates an infected PC within a network to collect internal data," he said. RAT infiltrates the network in advance through an email message, for instance, but does not immediately begin the attack. "Afterwards, when the attack begins, the content of the communications does not contain malware itself, and the traffic associated with the remote operations is almost always encrypted. This activity is difficult to discover using conventional antivirus software or unauthorized intrusion-detection systems."
In addition to undetected malware, there are also unknown malware bypassing antivirus solutions. The sheer amount of malware being created and distributed daily makes it virtually impossible for antivirus to protect against them all.
"We're literally being bombarded by new malware to the tune of 200,000 new malware each and every single day, and that's on a good day," said Pierluigi Stella, chief technology officer at managed security services firm Network Box USA. "During an outbreak, we see that number escalate, sometimes close to 1 million."
This is because it's easier than ever for hackers to launch attacks. Not only can they create viruses automatically — with thousands and thousands of variations hourly — but they have also built an efficient and rapid distribution network, Stella said. In comparison, it can take an antivirus company several hours to detect and fix malware.
To combat this, antivirus companies are finding new ways to protect systems, such as relying on cloud-based databases of malware signatures — an algorithm that specifically identifies individual viruses — and methods that detect malware that don't have signatures.
For businesses, this means finding antivirus software or providers that have "zero- day" initiatives, which refers to malware that no one has seen before and has no protection available against it.
"Catching the zero-day malware is where the industry's headed," Stella said. "Sandboxing, behavioral analysis, pattern recognition, etc. are all expressions describing some of the methods companies are using to spot the next 'zero day' before it causes damage. Many such methods are plagued with false positives, but a false positive is far more acceptable than a false negative [where unknown malware] then enters your network and causes havoc."
But don't get rid of antivirus just yet
Although antivirus can't completely protect a business's systems, this doesn't mean they are not necessary.
"Despite the prevalence of zero day, there’s still a huge number of very well-known and maleficent viruses that your antivirus can stop," Stella said. He suggested going online and finding comparisons of different antivirus software and looking beyond big names. "There are plenty of other companies that are doing better and deserve a chance," he said. "To give you an idea, Kaspersky runs over 8.5 million signatures. These are known viruses that can still 'hit' your workstation."
Business should also make sure their antivirus software are running at its optimum level.
"Don’t ditch that old AV just yet," Stella said. "Rather, keep it up to date and keep it running. This way, at least you’re protected from the 'known' stuff. It'd be silly to be attacked by something that can be stopped so easily."