Why are you still paying for antivirus?

By Kane Lightowler, Managing Director, Asia Pacific & Japan, Carbon Black

Singapore, Japan and Malaysia have singled out cyber-attack as the risk of highest concern according to the World Economic Forum’s 2016 Global Risk report. Singapore’s Minister for Communications and Information Yaacob Ibrahim also recently announced a new, standalone Cybersecurity Act to be tabled in next year’s Parliament. Once instituted, this Act will provide for stronger and more proactive powers in response to cyber-attacks growing in boldness, speed and sophistication.

All of this shows that traditional security measures such as antivirus (AV) are no longer sufficient in today’s increasingly sophisticated digital landscape. Yet AV is by far the most widely deployed endpoint protection solution, with more than 90 percent of corporate devices running AV software. So where do these new security threats come from?

Kane Lightowler, MD, Carbon Black, APAC

The biggest bullies are no longer the historic nuisance malware that impairs system performance. Advanced threats are the new kid on the block, running amok in the systems of organizations and causing far more damage than was possible before. Today’s security battle is being waged at the endpoint—servers, desktop and laptop computers, mobile devices, and fixed-function devices such as point-of-sale machines—because that’s where organizations’ critical information resides. These advanced threats, the brainchild of highly sophisticated cyber criminals, aim to control or destroy an infected system with the goal of stealing economically or strategically important information.

Advanced threats differ from nuisance malware in two distinct ways:
  • Advanced threats are targeted, whereas nuisance malware usually aims for the maximum attack surface and is widely distributed. This means that the attacker specifically chooses the victim.
  • Advanced threats are driven by human interaction. Rather than relying on a piece of automated code, the attackers interact with the target computers, enabling them to use existing tools on the system to accomplish their goals.

The sophistication of these threats allows them to stay undetected for months or even years. According to a report by the Ponemon Institute, organizations take an average of 256 days to identify a breach and 100-120 days to respond and mitigate, altogether costing companies an average of USD$3.8mn per breach.

AV can’t keep up

Because AV is powerless against today’s company-crippling advanced threats, a huge gap has opened in endpoint protection, exposing large enterprises and SMBs alike to a wide range of advanced attacks and costing them millions of dollars. Clearly the traditional approach to endpoint protection is no longer effective.

What organizations need is a paradigm shift in their approach to security investments, evolving and upgrading their defenses to keep pace with these threats. This new generation of defense, developed specifically to address advanced threats, is known as Next Generation Endpoint Security (NGES).

NGES goes beyond AV’s reactive approach to security and takes a proactive stance. It continuously scans, monitors and collects data from an organization’s endpoints. By recording an adversary’s every move, security teams can pinpoint the root cause of an attack and ultimately stop the adversary from successfully executing a similar attack in future.
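To make the "record every move, then find the root cause" idea concrete, here is an added example that is not part of the original article and not Carbon Black's product code. It assumes a hypothetical endpoint sensor that records one event per process start (timestamp, pid, parent pid, image name, command line); the events below are constructed, not captured from a real incident. The example flags a script host launched by a document application (the "existing tools on the system" pattern from the list above), walks the recorded parent links back to the process that let the attacker in, and reports how long the chain ran before the flagged process appeared.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ProcEvent:
    """One recorded process-start event from an endpoint sensor (hypothetical schema)."""
    ts: int        # seconds since epoch, as recorded by the sensor
    pid: int
    ppid: int      # parent process id
    image: str     # executable file name, lower-cased by the sensor
    cmdline: str


# Constructed sample telemetry from a single host; not from a real incident.
# A document opened from the mail client spawns a script host; a benign
# notepad launch is included to show that unrelated processes are not flagged.
SAMPLE_EVENTS: List[ProcEvent] = [
    ProcEvent(1000, 100, 1,   "explorer.exe",   "explorer.exe"),
    ProcEvent(1010, 200, 100, "outlook.exe",    "outlook.exe"),
    ProcEvent(1050, 300, 200, "winword.exe",    'winword.exe /n "invoice.docm"'),
    ProcEvent(1055, 400, 300, "powershell.exe", "powershell.exe -EncodedCommand <omitted>"),
    ProcEvent(1070, 500, 100, "notepad.exe",    "notepad.exe"),
]

# Assumed categories; a real deployment would tune these lists per environment.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}
ENTRY_APPS = {"outlook.exe", "chrome.exe", "firefox.exe", "msedge.exe"} | DOCUMENT_APPS
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def index_by_pid(events: List[ProcEvent]) -> Dict[int, ProcEvent]:
    """Index recorded events by pid (a real sensor would key on a unique process GUID)."""
    return {e.pid: e for e in events}


def lineage(index: Dict[int, ProcEvent], pid: int, max_depth: int = 64) -> List[ProcEvent]:
    """Walk parent links from `pid` to the oldest recorded ancestor; returns root-first.
    Stops on an unrecorded parent, a cycle, or max_depth so bad data cannot hang the walk."""
    chain: List[ProcEvent] = []
    seen = set()
    cur = index.get(pid)
    while cur is not None and cur.pid not in seen and len(chain) < max_depth:
        seen.add(cur.pid)
        chain.append(cur)
        cur = index.get(cur.ppid)   # None when the parent was never recorded (e.g. pid 1)
    chain.reverse()
    return chain


def find_suspicious(index: Dict[int, ProcEvent]) -> List[ProcEvent]:
    """Flag script hosts whose direct parent is a document application."""
    hits = []
    for e in index.values():
        parent = index.get(e.ppid)
        if e.image in SCRIPT_HOSTS and parent is not None and parent.image in DOCUMENT_APPS:
            hits.append(e)
    return sorted(hits, key=lambda e: e.ts)


def root_cause(index: Dict[int, ProcEvent], pid: int) -> Optional[ProcEvent]:
    """Earliest ancestor that is a user-facing entry application: the likely point of entry."""
    for e in lineage(index, pid):
        if e.image in ENTRY_APPS:
            return e
    return None


def dwell_seconds(index: Dict[int, ProcEvent], pid: int) -> Optional[int]:
    """Seconds between the entry application starting and the flagged process starting."""
    rc = root_cause(index, pid)
    if rc is None or pid not in index:
        return None
    return index[pid].ts - rc.ts


if __name__ == "__main__":
    idx = index_by_pid(SAMPLE_EVENTS)
    for hit in find_suspicious(idx):
        chain = " -> ".join(e.image for e in lineage(idx, hit.pid))
        rc = root_cause(idx, hit.pid)
        print(f"pid {hit.pid}: {chain}; entry point: {rc.image if rc else 'unknown'}; "
              f"dwell: {dwell_seconds(idx, hit.pid)}s")
```

The value of the recorded lineage is that the analyst sees the whole chain (mail client, document, script host) rather than a lone alert on the last process, which is what lets the team fix the entry point rather than only the symptom. On a real host, pids are reused, so the index should be keyed on the sensor's unique process identifier rather than the bare pid, and the parent walk should be bounded as shown here so malformed telemetry cannot loop forever.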

It’s an arms race

Currently, organizations are still prioritizing their investments in antivirus over advanced endpoint threat protection. This investment model is inverted, and Chief Security Officers (CSOs) need to re-evaluate and invest in solutions that can address the strategic and economic risk of today’s attacks.

As advanced attacks grow to be the biggest financial threat to organizations’ cyber security, advanced solutions must make up the majority of an organization’s endpoint security budget.

With the proliferation of the Internet of Things (IoT), our endpoints will only grow hungrier for more information. This means more attack vectors for cyber criminals and even more data that can be exploited and held to ransom. In February 2016, a hospital in California paid a ransom of USD$17,000 to hackers who had infiltrated its network and encrypted its files. In March 2016, another hospital in Kentucky found itself in a state of emergency after a similar form of attack. Every organization, regardless of size or industry, can be and will be a target. And until these organizations arm themselves with the appropriate security measures, they run the risk of losing millions of dollars in damages.