Many companies take the view that as long as they have an antivirus package installed on their computers, they’ll be fully protected from cyber attacks. After all, many antivirus packages offer a wide range of protection types and are sold as a “one stop” solution. But is that the case? Very often not.
What is the point of antivirus products?
Computer viruses first appeared in the 1980s and were quite simple. Initially written as a way of demonstrating the author’s skill, they were a type of computer program which could copy itself into other computer programs (like a biological virus); they were annoying, but mostly harmless. Unfortunately, that soon changed.
As soon as viruses were created which could cause damage to computer systems, an “arms race” began between the virus writers on one side and the antivirus and computer companies on the other. In the mid 1990s, Microsoft changed how its Windows operating system (OS) worked, and this largely put an end to the traditional computer virus. However, the virus writers soon created new types of malicious software (malware), although the term “virus” stuck.
Today, modern antivirus products protect against a wide range of malicious software types and attacks, but they still have the same function as traditional antivirus software: to detect malware and remove it from infected files.
What issues are there with antivirus products?
Antivirus products are often not fully understood by the companies which run them. This means that they are not properly used, or that they provide a different level of protection than they are believed to. The main issues are:
Viruses are just one type of attack
The most common mistake is not understanding that viruses and malware are just one type of attack which organisations face. There is a constant battle between attackers and antivirus companies, which means that the types of attacks are constantly evolving. Increasingly, attacks are not traditional viruses, so traditional antivirus products offer little or no protection against them.
There are many types of antivirus product
Antivirus products are most commonly deployed on PCs and laptops to protect files from viruses (known as endpoint protection), but this is just one type of antivirus product. Viruses and malware can spread via other routes, such as file servers, email servers, collaboration and document management servers (such as SharePoint), and mobile devices (such as mobile phones and tablets). Unless these points are protected, viruses and malware can infect data in these locations, resulting in data loss, recurring infections and disruption to your staff and clients.
They are reactive, not preventative
Most antivirus and anti-malware products installed on workstations (such as desktops and PCs – known as endpoints) or servers are reactive. This means that they can only identify an infection once it has happened. However, once a file has been infected, the malware has already entered your network and could have infected other files on other machines as well. To make matters worse, not all antivirus products are able to remove infections from files, meaning that valuable data can be lost.
As malware becomes more complex, many antivirus products struggle
According to WatchGuard Technologies, a company which specialises in IT security, antivirus solutions are increasingly having trouble identifying malware attacks. Their research showed that in Q4 2016, legacy AV missed 38% of malware.
There are a few reasons for this trend, but the two main factors are that malware authors are increasingly using advanced techniques to evade traditional antivirus products and that attacks are now more automated than before. This means that each attack is different enough that antivirus programs do not recognise it, and that attacks indiscriminately hit more victims than ever before, overwhelming antivirus companies’ security staff.
What is the solution?
Antivirus products are a key part of any security solution, but they are only a single part and not a total solution in themselves. A security strategy for organisations of all sizes should, as a minimum, include:
- Antivirus software on endpoints and servers.
- A Unified Threat Management firewall.
- A reliable and regularly tested backup solution.
- A full inventory of which systems you use.
- A patching strategy to make sure that all systems are kept up to date.
- Robust HR policies to cover acceptable use of IT systems by staff.
- Regular staff security training.
IT security isn’t hard or expensive, but it does need careful thought. If you need help, IXCG offers a number of solutions and fully managed services to allow you to focus on running your business, without having to worry about security.