Antivirus products are at best a backup

Governance, training play the most critical roles in protecting your network

Perhaps you heard about this network security nightmare earlier this year: After its computer network and data systems were essentially held hostage by hackers, Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 in ransom.

As reported on Sophos.com, ransomware infected computers across the organization and the impact was severe: Ambulances were diverted, electronic medical records disappeared, email was unavailable, and there was no access to X-ray or CT scan information. The radiation and oncology departments were reportedly all but shut down, with employees barred from even turning on their computers.

Because the matter is under investigation by the FBI, how the ransomware got into the hospital hasn’t been disclosed. However, ransomware is typically spread through email phishing campaigns that convince employees to click a malicious link, open a malware-laden attachment or enter their credentials on an imposter website. Whatever antivirus HPMC was running evidently did not stop this crypto-malware, and once it was on a single computer it spread rapidly to other computers across the network, causing havoc.

It took a while, but hospital operations slowly returned to normal. Whether Hollywood Presbyterian should have paid the ransom is the subject for another article. However, this event was a reminder of how vulnerable all businesses can be.

More than a few security experts took a deep breath and said, “There but for the grace of god … It could have been my company/organization/school/hospital experiencing a catastrophic event!”

That is because we are all targets, individuals and companies, and we are all being probed, tested and phished 24/7. The hospital attacks and others like it are blunt reminders that most antivirus products cannot protect us from employees clicking on ransomware phishing attacks.

Antivirus software took another blow recently when it was revealed that the products of multiple vendors contained critical vulnerabilities, putting at risk the very systems they are tasked with protecting. Nothing should be more securely programmed than a security product itself.

Researchers from Google’s Project Zero team discovered multiple critical vulnerabilities in the core scanning engine shared across Symantec’s and Norton’s antivirus products. Help Net Security reported that other antivirus companies have suffered similar security lapses in recent years, including Comodo, Trend Micro, Kaspersky and FireEye.

To Symantec’s credit, they pushed updates within days to fix the vulnerabilities found by Google researchers.

The implications of these vulnerabilities are significant. An antivirus scanner runs with system-level privileges and automatically inspects every file that reaches the machine, whether an email attachment, a download or a file on a network share. A malformed file that triggers one of these parsing bugs can therefore hand an attacker code execution at that privilege level before anyone even opens it, and the product itself can be disabled so the hacker can move around inside your computer unchecked. Once inside, hackers can use the same vulnerabilities in the AV product across all your company’s workstations to take down systems, steal your data, encrypt everything you have for ransom (aka ransomware), or worse, change it or delete it all.

Hackers are getting ever more devious, attacking the very tools meant to detect and protect systems from attack.

With hundreds of thousands of new malware samples appearing daily, what can we do? Consider that Gartner has reported that antivirus solutions detect only 25 to 50 percent of newly released viruses. Maybe the solution lies with the employee rather than with a technical magic bullet. Rigorous training teaches employees to recognize a phishing message before they click, and strong governance policies (for example, limiting who holds administrative rights and keeping tested backups that ransomware cannot reach) limit how far a single click can spread across your network. Governance and training play the most critical roles in protecting you. Antivirus products simply back up employees when they forget their governance and training, and click.

Craig Taylor, chief security officer for Neoscope Technology Solutions, Portsmouth, can be reached at CTaylor@neoscopeit.com.