Businesses today have enough on their plates — such as trying to achieve profitability in competitive marketplaces while dealing with external disruptors like COVID-19 — without experiencing a costly cybersecurity breach, too. Successful cyber-attacks debilitate enterprises in many ways, from downtime resulting in lost revenue, to reputational damage in the eyes of customers who’ve had their data compromised as a result.
No enterprise is 100 percent foolproof, given the ingenuity of hackers and the growing number of attack surfaces businesses must protect. But taking proactive measures against these five predominant types of malware can at least minimize the risk.
Types of Malware Affecting Businesses Today
Part of the challenge is understanding and addressing all the different variations out there. Here’s an overview of five types of malware capable of inflicting serious damage on business networks.
You may remember the tale of the Trojan Horse, in which Greek soldiers hid within a giant wooden horse that was presented as an offering. Once the horse was brought inside the gates, the soldiers jumped out, opened the gates to the waiting Greek army and seized the city.
Trojan malware functions similarly by presenting itself to users as a legitimate or helpful application only to capture information or attack the system once a user has loaded it. As ZDNet notes, Trojans often capture valuable information — like login info, screenshots and keystrokes — then send the data back to hackers. Some Trojans permit attackers to make changes to the system or disable cybersecurity measures, too.
Business users may believe they’re simply updating their systems or installing a helpful new piece of software, while unwittingly allowing harmful code through the gates of the company IT network.
Privileged Access Management (PAM)
You have probably used computers and information systems for a while now, so you have almost certainly come across the excuse of “computer error.” But how often is the error really the computer’s? These machines operate on the mantra GIGO: Garbage In, Garbage Out. That is to say, a computer will almost certainly do what it has been instructed to do. Often, the human user erred in giving the instructions, and the computer diligently executed the flawed computation. In short, a computer in the wrong hands can lead to colossal damage, losses, confusion, and sometimes loss of life.
For such reasons, systems admins for businesses grant staff varying access levels to the company’s information system. Junior staff handling lighter duties will have shallower access, while high-level managers and technicians will have deeper access levels. This practice is commonly referred to as privileged access management (PAM).
Ransomware typically locks users out of the system until they pay a certain amount of money to the hackers. Of course, there’s no guarantee ponying up the payment will put an end to the saga. To make matters more complicated, there are constantly new versions of ransomware floating around — and any organization can find itself targeted.
Case in point: a U.S. military contractor involved in national nuclear maintenance recently fell victim to “Maze” ransomware, which encrypted files, then attempted to extort payment in exchange for a decryption key. As Threatpost outlines, it took the attack one step further, pursuing “double extortion” by copying the encrypted files to the hackers’ servers and threatening to leak them unless the company paid again. As you can imagine, this is especially concerning for companies dealing with sensitive and classified info.
Computer viruses are aptly named, as they modify legitimate host files so that the virus is executed whenever the host file is. According to CIO, while viruses currently represent less than 10 percent of all malware, they’re among the trickiest to eradicate once a system has been infected.
Spyware sneakily infiltrates systems, steals information, and delivers it back to the sender — often without the victim even knowing it’s happening. Hackers routinely use this form of malware to obtain private financial information, login credentials or usage data.
Unlike viruses, worms don’t need to be triggered by a user action before they start self-replicating, quickly spreading from device to device. The worm can then begin to bog down these systems, turn devices into “zombies” or even alter code.
Minimizing Malware Risk: Tech & Training
A two-pronged approach is required in this regard: strengthening network security with the right technology/software and training all users on how to avoid phishing scams capable of introducing malware into enterprise IT. In other words, a well-rounded cybersecurity strategy addresses people, processes and platforms.
Malware is a catchall term for malicious software. While these five types of malware all take different approaches, the end result is a potentially expensive data breach that leads to business interruption, loss of client trust and sometimes even regulatory fines. This is why it’s so important to train employees to avoid malware, as well as invest in the software or services needed to identify and thwart these programs before they gain footholds.