This week I am at the RSA conference in San Francisco and something just dawned on me. There is a significant gap between some of the questions and conversations I have with certain customers and the reality of malware. Not that any of this is new; it has evolved slowly over the last 5 years, but some perceptions have stayed the way they were 5 years ago. For some folks, virus scanning or anti-virus is a commodity and you either have it or you don’t. But the big picture eludes them: the analysis and deep understanding are not there.
It’s no longer just about viruses. Don’t get me wrong, there are still viruses out there, but the reality has evolved. Whereas the Melissa virus was the act of one individual trying to illustrate how good he was, malware is now just a tool in a broader industry. And this industry is about making money with your data. Specialization has occurred in this industry and the whole thing works together for profit. Now there are infiltration specialists, people whose job it is to find an open door into your organization and discover valuable information within the organization without being detected. The knowledge is then sold to someone who knows how to get it out or destroy it and ultimately profit from what an organization failed to protect. Here is where viruses, and malware in general, appear.
You also have people who are specialists at building tools and who make money selling them. These can be full-blown viruses that spread to build botnets with command and control. But mostly they are exploits that can be used to navigate from the internet to the data stored inside your organization. These guys are good, and the exploits are quite spectacular: we've seen everything from ransomware like CryptoLocker to lighting your PC on fire. The exploit kits are sold through advanced business models with hosted leasing on a daily, weekly or monthly basis.
Have you taken the time to identify what is the most important information in your organization and put measures in place to protect it? For Netmail, a software company, some of our confidential data includes our source code and our client list. For you, it might be your clients' credit card numbers or their protected health information (PHI). If you are in the B2B industry, it might be your client list too (I am sure your competitors wouldn’t mind campaigning to them). I'm sure your organization has valuable data that, if circulated, could have an impact on your reputation, your profit or your competitiveness. It's important to identify this information and put in place the necessary controls to protect your information properly and close the door.
Once you've done that, we can talk about email malware filtering. Sure, it's interesting, but you might be more interested in learning how we prevent spear phishing attacks and how we ensure email social engineering attacks don't open a door to your organization. You might also be interested in making sure email is not a vector to exfiltrate information. And you probably want to know how to make sure your very large fleet of computers is not being used as a launch pad to attack other organizations or used as a spam net.
So there is a lot more to it than virus scanning or anti-virus software. Let’s talk about it.