Your Antivirus isn’t Keeping You Safe
It takes less than 3 seconds to find a news headline about organizations brought to their knees by a gang of hackers.
Big organizations, small organizations, you name it, they’ve been hacked before.
Do you think they had up to date antivirus? They most definitely did.
So why is this happening? And what can you do to stop it from happening to your organization?
It’s happening because antivirus isn’t perfect. It’s reactive and focused on only a small piece of the puzzle. It can also be misconfigured (and it often is).
Another reactive security system? Alarms.
Think about your physical office. You probably have an alarm system set up, right? If someone broke in, the alarm would be tripped; if wired properly the monitoring company would be alerted.
The monitoring company would call you and, if you didn’t trip the alarm, would call the police.
It seems straightforward, but there are some catches.
The alarm system catches when the crook is already in the building. The criminal is already going through your stuff. The same goes for antivirus. It’s only triggered after your data has been stolen or encrypted. In both situations the alarm doesn’t go off until after the damage is done.
Both situations only focus on one piece of the puzzle.
Antivirus is often so misconfigured that sometimes an alarm isn’t even raised. In an analysis of more than 10,000 networks, less than 40% had the antivirus configured to alert someone who knew what to do to address the issue. And this is only one type of misconfiguration; there are countless others.
So, what can YOU do as an executive or leader in an organization?
Use multiple systems. Create what we like to call strategic overlap: use multiple tools.
Lastly, consider getting a third-party assessment done.
Have someone come in and analyze your network and your security program. This could be accomplished by doing a recurring vulnerability or penetration test. You can then use the findings to identify weak spots in your program and can prioritize them based on the impact on your organization.