If Spam Emails are the Common Cold of the internet, Malware is most certainly the Cancer! If it’s left to run out of control, you could lose your business.
Unlike spam, which is just a plain nuisance, Malware can cripple your business and even turn off the lights within minutes of activation. You’ve probably read numerous stories over the years of ransomware attacks causing companies to be locked out of their own data, and resulting in them having to shut down for days, weeks or sometimes forever. Guess what? Ransomware is part of the Malware family – the really nasty cousin you wouldn’t want to invite over for Christmas!
There are a heap of different Malware types going around and they’re constantly changing. The folks who put them together like inflicting damage and earning a dollar if they can along the way from the fallout. Your business doesn’t have to be a lame duck in the path of a determined bad guy; there are ways to protect yourself.
Setting aside the intent of the criminal for the moment, let’s discuss the different types of malware, what they do, and how they make your life difficult:
These are the most common and widely known forms of Malware. In fact, most of us don’t even know we’re talking about Malware when we say our PC is infected with a virus. Malware is usually found hidden in a file that you can install or a document you can open. The documents are usually spread via email and the email is usually written in such a way that makes you feel compelled to open the document to get answers. The installable files, on the other hand, can land in front of you in a variety of ways, the most common being a file that gets downloaded when you click on the wrong link online.
These are nasty creatures that can infect your systems without you doing anything to get them started. In other words, you don’t necessarily need to open a document or install a program. Two or more machines on the same network that aren’t properly protected can infect each other in no time at all. This is typically a big problem in unprotected or un-managed computer networks. If you’re a small or medium sized business with a bunch of computers and no protection or proper support, you’re probably in the firing line for one of these worms.
This variation of malware does exactly what the name implies – it spies on you! It sits in the background of your device and downloads the activities and inputs you make on your device. In most cases, this information is sold to unscrupulous advertisers who want to start peddling you a bunch of rubbish or in more sinister cases, it skims your browsing traffic (e.g. you browsing to your internet banking login page) and skims whatever you input on that page (i.e. your customer number and password) and then directs that info back to the criminal for them to take your cash.
Imagine a combination of a Virus and Spyware all wrapped up inside a socially engineered delivery package – that’s a Trojan. It’s delivered in a way that encourages you to run it, install it, get infected and be open to all kinds of risks.
This is the go-to-tool for online criminals. It’s a lazy way for them to throw an infection into the wild, lock people’s machines and files, and sit back and wait for the payday.
If you’re a business that’s unprepared (i.e. no malware protection, no backups, poor IT support) and you get infected with ransomware, you’re in big trouble! Every security vendor on the planet will tell you not to pay the ransom, as it funds the criminal and encourages them to do it again. But what happens in the meantime if you have no way to recover your data or operate your business? Protection against this is seriously the best investment you’ll ever make.
So, now that you know a little about the Malware families and what they do, let’s discuss the intent of the bad guys. All of these nasty tools are there to get one of two things: Your details or your money – or both. The money part is pretty self-explanatory so let’s delve into the part about getting your information. Your personal information is just another form of currency to the criminal. They’ll either sell everything they have on the black market (otherwise known as the Dark Web) or they’ll use it to rack up a bunch of debt against your name in the form of online purchases, loans or a variety of other low-touch ways they can use your identity to obtain goods or cash through deception.
Every news outlet on the planet has covered stories about “data breaches” and who they’ve happened to, but let’s contextualise this to you as an individual. If your information landed in the hands of a criminal, what will they do with it and how does it affect you?
For starters, you’d find yourself going through the 9 stages of grief:
- Hope: You hope you haven’t been compromised.
- Anxiety: If they took something, what are the likely to take from me and has it already happened?
- Depression: A helplessness that washes over you when you can’t stop what’s already happened.
- Denial: It can’t be that bad, what they took shouldn’t impact me too much.
- Pain and Guilt: It was my fault that I didn’t pay for that damn anti-virus subscription!
- Anger and Bargaining: I’m very careful with my computer and my phone, this wasn’t my fault, surely someone else is to blame!
- Acceptance: Ok, so it‘s happened, I can’t get my data back and I’ve taken the steps to avoid it happening again.
- Depression: But why did they target me? What did I do to deserve this!? Surely there is more important stuff they could steal.
- Revival: Ok, lesson learnt. I’m in good shape now, I didn’t lose a lot and I know more than I did before this.
Pretty intense! Now let’s switch roles. You’re now the brand or business owner whose brand was used to distribute this Malware through lax controls or a poorly policed brand. Your customer is the unfortunate person that’s midway through the 9 stages of grief. How do you think they’re feeling about your brand at Stage 6? What do you think they’re likely to do by Stage 9? Generally speaking, that customer is going to walk away from your brand and will proactively tell others to do the same thing.
At this point, I think we’d all agree, if you own or operate a business, it’s best to avoid getting into this situation in the first place. If you take a birds-eye view of the different members of the malware family, you’ll see that infection can happen in basically one of two ways:
- Poorly managed IT environments
- Staff that have little or no knowledge of basic IT protection
For the IT systems, the solution can vary greatly from business to business depending on what software you happen to use and how old your IT systems are. In some cases a solution can be quick and painless and in others it can be time consuming and costly.
For the staff, the worldwide media coverage of these types of attacks greatly benefit the public, because cyber security becomes a topic of conversation for people outside of the IT department. Whilst this is a first step, it’s not the only answer. Training staff on the different ways scams or attacks can occur, particularly in a business environment, is super important because the most effective way for a criminal to get into your business is poorly educated staff. People often get confused and think, “Hey, I run my anti-virus software, I’m protected!“, but this is not the full picture. Whilst it’s very important for an individual or business to be protected in this way, there’s more to it.
If you’re going to look at your external assets (i.e. your social media, your mobile apps, your website, your emails) as a company, you might be limited in what you can find or do about it on your own so you’d typically look to a third party to help you with this. Third parties in this space spend a considerable amount of time and effort trying to prevent attacks on your brand and if they occur, dealing with them swiftly to minimise the impact to youandyour customers, and to make the criminal think twice about coming after you again. The techniques used in detection and prevention include things like “Sandboxing” and “Behaviour Monitoring”. If you cut through the deeply technical parts of what this means, it essentially breaks down to a highly experienced person or group, pulling apart a piece of Malware to understand how it works and what it’s trying to do. If you see enough Malware and pull each of them apart, you can start to build a picture of who or why someone is coming after your brand or your customers.
If you’re still reading this article and you’ve made it this far you are:
- Energised to fix the problem that you know you have.
- Completely overwhelmed about how much you didn’t know or
- Reasonably sure your business is in an OK position.
Regardless of which of these categories you fit into, having a chat with an expert to get an impartial assessment is never a bad idea. We’re here to help. Send us an email or give us a call, and we’ll figure out with you what your brand exposure looks like and give you an honest assessment of how or if we can help.