The latest UK government research shows that 20% of businesses have suffered a malware attack in the last 12 months*. Unsurprisingly, the research in our most recent Global Risk & Confidence survey, shows that 17% of small & medium sized businesses are prioritising cyber risk as their biggest concern, second only to political risk.
As companies grow, and become ever more interconnected, their cyber threats increase. How should businesses prepare for cyber-attacks? And how do they mitigate these risks? For this, the second instalment of my Cyber Threats 101 series, I look at what malware is and outline my three top tips on how to avoid it.
What is Malware?
Malware is an umbrella term for dangerous software that disrupts computers and networks, including Viruses, Trojans, Worms and Ransomware. Here’s the detail on these types of malware to help you mitigate the risks:
- Virus: Commonly spread by email or opening attachments online. Once opened, they can infect parts or all of the computer and/or network.
- Worms: Worms replicate themselves and pass from one computer to another, usually via sending infected emails. NotPetya is an example of “worm” that spread quickly across computer networks, encrypting computer hard drives so they couldn’t operate. It caused $10Billion global damage.
- Ransomware: Ransomware holds parts (or all) of a network or computer files to ransom by encrypting a company’s data and applications, causing severe business interruption and shutdown until the ransom is paid. Ashley Madison, a website for extramarital affairs was hacked in 2015 and the personal information of the 36m user base was stolen and threatened to be released unless the site was immediately shut down.
- Trojans: Trojans are hidden malicious files that are embedded into software or applications that the user downloads online. They can delete data or create back-doors around security processes for cyber criminals. In 2016, Tiny Banker Trojan (Tinba) infected major banking institutions in the USA including HSBC and Bank of America. The customer was directed to a spoof page to enter their login information enabling the cyber criminals to capture the credentials.
How can we help prevent Malware? Here are my three top tips for preventing an attack.
- Staff education: make sure your staff are fully trained on cyber to help minimise mistakes from opening emails and attachments containing malware.
- Ensure resilient cyber defences: make sure all software and applications are up to date, robust antivirus software and Firewalls are used and pop-ups are blocked.
- Use a pre-breach service that scans for malware: Our pre-breach partner, GamaSec, provides a screening service which is designed to prevent malware attacks. It uses cutting edge virtual hacker technology to identify and remove dangerous malware threats by running daily detection and website monitoring.
Reduce Malware Threats With GamaSec
GamaSec’s services are available to all CNA Hardy cyber policyholders at no additional charge. No installation is required, simply register your business with GamaSec. Find out more here.
At CNA Hardy, we’ve taken our knowledge and understanding of these types of cyber-attacks and built them into our cyber product offering and services, click here
Read my first blog of the Cyber Threat 101 series on social engineering here.
For more insights read the Global Risk & Confidence Survey here
|
Martyn Janes
Underwriter, Cyber & Tech
UK Regions – Birmingham & SW England
[email protected]
|
*Cyber Security Breaches Report 2019 here
Risk & Confidence Survey May 2019. SME classification £5M-£25M