As 2020 approaches, it comes the impending waves of new malware that businesses will have to defend themselves from.
Myla Pilao, the director of technology marketing for cybersecurity firm Trend Micro, sees three major trends on the horizon: an increase in malware using unconventional behaviors, an emergence of Linux-based malware, and a continued increase in the volume and complexity of info-stealing malware.
When it comes to the classification of malware, Pilao says there are two major identifying factors: the method of entry and the goal (which includes the behavior it undergoes once inside the system).
And when that behaviour becomes untraditional or unconventional, malware is difficult to detect, she said.
“These are the ones that probably would stay in our network, would stay in our devices, for a long time unattended,” said Pilao in an interview with IT World Canada. “They would have a non-traditional way to evade detection. They will probably be using more blacklisting techniques. They might be doing more in the evasion techniques.”
Stealing information from organizations is by no means a new method of attack. This year saw many newsworthy instances of major enterprises being held ransom to such methods.
But Pilao says she expects to see the trend rise even further in popularity in 2020. And though a rise in popularity can be dangerous in and of itself, she says she also expects an increase in complexity.
“Info-stealing will not go away. They will become more penetrating into enterprise networks,” said Pilao. “A couple of years ago info-stealing was more on the social media channels or used in some of the enterprise attacks but just as one of the many attack forms. But next year, we probably will see them more integrated into the enterprise.”
What can you do to prepare for this?
As always, when it comes to cybersecurity, one cannot look past the power of education.
“A lot of cyber education is heavy on education. You as an employee; you as a third party; you as a partner of my organization; you are part of my barometer and my sensor.
Beyond the need to continually educate and empower your team, Pilao does point to a few other steps that businesses can take to protect themselves against the attacks of the near future.
The bigger the organization, the more opportunity there is for bad actors to try to infiltrate you.
So what can you do to minimize that risk when malware attacks are likely to get more complex and operate in unpredictable ways?
Well, according to Dan Struthers, CEO of HardSoft, you must be aware that you can be targeted and take steps
“As mentioned it starts with educating employees. All of the hardware firewalls, cloud backups and techniques can be is place but if any employee clicks on an email the system can still be infected. When we conduct seminars on cyber security for employees, we are always happy to see their faces when they realize how easy it is for attackers to get into the system. ”
Striuthers final recommendation is in his words “non-negotiable”.
“There is no one answer, it is a multi prong approach. You need to number one, look at the security gaps in your hardware and networks. Number two, develop a disaster recovery solution. Disaster recovery is not just data backup, it involves the whole organization so everyone knows their role. Multi day full data back ups are critical and consider going to a virtual backup if downtime is costly. Number three, educate your employees. Continual education is required. New threats are being developed weekly, so the employees must be kept up to date on the latest scams, vulnerabilities and how they need to be diligent.”