Malware protection is more important today than ever since cybersecurity threats are on the rise. No great surprise there, right? But why, exactly, are cyber security threats so prevalent? The uptick is in no small part due to how much easier it is to take up the mantle of cyber attacker.
Today’s exploit kits, for example, simplify cyber attacks for even inexperienced hackers. These malicious toolkits come with pre-written exploit code and require no knowledge of how it works. Often a simple web interface allows licensed users to log in and view active victims and statistics. These kits may even include a support period and updates, much like legal commercial software.
The increased need for malware protection also has to do with the widespread availability today of sophisticated tools originally intended for cyber espionage and cyber warfare.
Ransomware, for example, has evolved from a simple scary hack to enterprise-grade malware built on stolen U.S. National Security Agency (NSA) tools that hold computers hostage and lock down entire systems. Combine that with the fact that nearly 40 percent of all spam sent in 2016 contained ransomware, and it’s clear that at any point an unsuspecting user may click on something they shouldn’t and compromise the organization.
IBM X-Force found that one in two executives have experienced a ransomware attack at work. That’s potentially half the executives in your organization. And that’s just the executives.
So, What’s the Cost of Modern Cyber Attacks, Really?
According to FBI estimates, criminals collected $209 million in revenue in the first quarter of 2016, with the number expected to have exceeded $1 billion by year end. Since then, it’s only gotten worse. In fact, the world recently saw its first million-dollar ransom payout.
But malware today—even ransomware—is about so much more than making money.
In fact, while WannaCry was far less successful at raking in the money (it was at about US$135,000 as of June 28, 2017), it was a huge success in terms of how widespread it was: within a day it had infected more than 230,000 computers in more than 150 countries. And the cost to organizations goes well beyond the ransom payouts that in no way brought them to their knees. There is no guarantee paying the ransom will work and recover lost data; and, regardless, the real damages extend to downtime, damaged data, lost productivity and post-attack disruption to the normal course of business, forensic investigation, and restoration of data and systems—not to mention the huge hit your business’s reputation would take with your customers, partners, and the supply chain, or the possibility of fines if you’re found to be lax with compliance.
FedEx, pharmaceutical company Merck, and shipping giant Maersk are great examples of this. Each was hit by NotPetya this year, and each has admitted continuing to dig out from under these attacks weeks and even months after they took place. FedEx expected systems to be fully restored at the end of September, three months after the attack, at a cost of USD 300 million. Maersk came up with the same number, and Merck weighed in at USD 200–300 million.
Where Do We Go From Here?
How do you stop this freight train? Without a focused security strategy, device sprawl is costly—and out of control. IT teams spend too much time managing these devices. Add to this a major cybersecurity labor shortage that forces companies to optimize their security personnel, and clearly a strategy leveraging tech that’s comprehensive, simplifies management, and focuses on security basics that raise the highest barriers against real-world attacks offers a strong advantage over other solutions.
When 93 percent of data breaches compromise organizations in minutes or less, you simply can’t afford to make the wrong call when it comes to malware protection for your organization.
For a more complete picture of the cybersecurity landscape and the tools you need to protect your organization, check out our white paper: What to Do BEFORE All Hell Breaks Loose.