Polymorphic malware is an increasingly prevalent cyber threat which simply cannot be countered by traditional signature-based security measures. Instead, strategic investment in behavioural-based security measures, combined with employee education and regular software updates, can be used to create a robust, multi-layered approach that's far more effective in today's cyber security climate. Below are three key areas where security efforts should be focussed:
Consistent cyber security training
A large number of successful cyber-attacks start with an employee unwittingly clicking on a phishing email or malicious file attachment. Consistent employee training helps educate employees on the tell-tale signs of attempted attacks, which in turn can significantly reduce the number of breaches that allow polymorphic malware in to begin with.
Invest in behaviour-based detection tools
Polymorphic malware is specifically designed to evade detection by traditional antivirus tools. As such, investments in this area can be largely futile and a waste of money. Instead, organisations should focus on more advanced, behaviour-based detection techniques. These methods offer the ability to track the way data is accessed and used by employees over time, with any suspicious activity automatically flagged. Behaviour-based solutions, like endpoint detection and response or advanced threat protection, can also pinpoint threats in real time before any data is compromised.
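The contrast described above, as an added example that is not part of the original article: an exact-hash signature misses a changed variant, while a per-user baseline of data access flags the unusual activity. The sample byte strings, user names, hourly counts and the thresholds `k` and `floor` are all constructed for illustration.

```python
import hashlib
from statistics import mean, pstdev

# Constructed stand-ins: two byte strings that differ, as two variants of a
# polymorphic family would, so their hashes never match each other.
VARIANT_SEEN = b"constructed-sample-variant-1"
VARIANT_NEW = b"constructed-sample-variant-2"
BLOCKLIST = {hashlib.sha256(VARIANT_SEEN).hexdigest()}


def signature_hit(file_bytes):
    """Signature-style check: exact SHA-256 lookup in a blocklist."""
    return hashlib.sha256(file_bytes).hexdigest() in BLOCKLIST


def build_baseline(history):
    """Per-user (mean, standard deviation) of files touched per hour."""
    return {user: (mean(counts), pstdev(counts)) for user, counts in history.items()}


def flag_anomalies(baseline, current, k=3.0, floor=5.0):
    """Return users whose hourly count exceeds mean + k * max(std, floor).

    `floor` (an assumed tuning value) stops a very steady user from
    alerting on tiny changes.
    """
    flagged = []
    for user, count in current.items():
        if user not in baseline:
            flagged.append(user)  # no history yet: surface for review
            continue
        mu, sigma = baseline[user]
        if count > mu + k * max(sigma, floor):
            flagged.append(user)
    return sorted(flagged)


# Constructed telemetry: files touched per hour over one earlier working day.
HISTORY = {
    "alice": [12, 15, 9, 14, 11, 13, 10, 12],
    "bob": [40, 38, 45, 42, 39, 41, 44, 43],
}
# Constructed current hour: alice's account touches far more files than usual.
CURRENT = {"alice": 480, "bob": 46}

if __name__ == "__main__":
    print("hash hit on seen variant:", signature_hit(VARIANT_SEEN))
    print("hash hit on new variant:", signature_hit(VARIANT_NEW))
    print("behaviour flags:", flag_anomalies(build_baseline(HISTORY), CURRENT))
```

The blocklist only ever matches bytes it has already seen, whereas the baseline check does not look at the file at all, only at what the account is doing.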
Ensure software is always kept up to date
Perhaps the most straightforward way of improving security against malware is ensuring that software and applications used within the organisation are always kept up to date. Major software vendors, such as Microsoft, Apple and Oracle, regularly issue crucial security patches for new vulnerabilities discovered within their software. Failure to install these promptly creates breach windows that are open to exploitation from anyone with knowledge of the vulnerabilities. Despite this, it can often be days, weeks or even months before these patches are installed, creating unnecessary risk. All organisations, no matter how big or small, must adopt a 'patch early, patch often' mantra.
James Aguilan currently works as a Cybersecurity Researcher. He has provided upskilling and development to government agencies, national critical infrastructure and large corporations through the simulation of cyber-attacks and forensic investigation workshops. In the past, James worked as a Data Consultant, where he advised high-profile clients on how to handle their data in a civil litigation or criminal investigation. Notably, this includes the largest merger between two US powerhouse conglomerates, a deal worth $87 billion. He has also served as a Cybersecurity Consultant, where he would respond to incidents and perform full forensic investigations. James holds a first-class honours in Computer Forensics and is actively working towards a Masters in Network Security and Penetration Testing.