There was a time when malware was released into the wild as a prank by hackers with nothing better to do. But these days, advanced malware attacks are big business — from applications designed to steal your company data to the lockdown of your systems for ransom or stealing passwords and direct financial information.
Malware infection relies primarily on two avenues, social engineering and exploiting bugs in commonly used applications. To defend against malware infection, you need a three-pronged approach: user education, anti-malware software and up-to-date applications.

Educate users

Every user knows the number one rule for preventing a social engineering attack on your business — never click on a link in a suspicious email. Of course, the chance of receiving a convincingly authentic email from within your business, or from a resource such as your bank, that contains a link to malicious software is significantly greater than it once was. Hackers have developed much more insidious ways of gaining your confidence and getting you to click on something you shouldn’t. As phishing attacks get smarter, you need to empower your employees to make smart security decisions. Comprehensive cyber security awareness training and periodic testing, will go a long way, essentially transforming your users into your first line of defence.

Use intelligent anti-malware software

As malware attacks become more advanced, anti-threat software has had to become increasingly intelligent. You expect your antivirus solution to scan any files you move across the network, but catching, quarantining, or removing any suspect files is a different beast entirely. The latest generations of these software suites scan the contents of documents and employ behaviour-based machine learning to identify suspicious process behaviour sequences and shut them down.
But sometimes you’ll need a second line of defence. Consider implementing a containment solution that automatically stops the spread of malware should it get past your established perimeter and network security.

Keep it updated

The final — and arguably the most important — prong of the threat-prevention trident is regularly updating your systems and applications. Updates are released regularly for operating systems, applications, and even other digital components such as app plugins and features. ‘Patch Tuesday’ is well known in the IT world — a day when Microsoft regularly releases patches and updates that fix problems and vulnerabilities in their applications and operating systems. But, of course, if the threat is strong enough, Microsoft and other providers will release an immediate fix to prevent a widespread vulnerability.
It is absolutely critical that your IT stays on top of every update and patch issued for your applications. A single vulnerability can be the source of endless headaches, which is why limiting approved applications within your network is important.
Unfortunately, there still exists the issue of zero-day exploits. A zero-day exploit takes advantage of a previously unknown vulnerability to provide an avenue for attack. The name zero-day describes the amount of time that is available to fix the flaw before it is made public. A good example of a zero-day vulnerability is the WordPress exploit that was discovered at the beginning of February 2015, which exposed as many as half a million sites to infection.
Maintaining a vigilant security posture means being aware of your organization’s critical risk profile and staying up to date on the latest threats. This can be addressed with periodic security assessments that include vulnerability scanning and penetration testing. Even more important, regular assessments will provide you the data you need to inform strategy and maintain a strong security posture in an ever-evolving threat landscape.
Being prepared starts with intelligent cyber security services and solutions embedded into your core business processes. Build a resilient IT infrastructure, understand and manage your vulnerabilities and strengthen your defence against cyber threats. Discover how Ricoh Cyber Security Solutions can help protect your organization with smart, simple IT solutions.