Malicious software has nearly always been a factor to consider when it comes to managing the IT environment. Have we learned the right lessons?
I remember going on calls to a credit card company early in my career, as a then-time field engineer, to diagnose issues that had cropped up on several Dell PCs.
Back in 1991, these were basic PCs with floppy drive systems and 10MB hard disk drives - state-of-the-art desktops at the time, monochrome screens and all.
After some analysis, we concluded that the systems were infected with a virus, a rare occurrence at the time. The Michelangelo virus was just days away from executing, and our options to remove it were limited.
Only two vendors existed to clean malware, and the software had to be downloaded using a 1200 baud modem from a bulletin board. Usually, one vendor or the other would detect and remove the small number of malware samples in the wild at the time. Thankfully, one program proved fruitful, and I was quickly on my way.
Traditional Browsers: No Match for Modern Ransomware
Nearly 30 years later, organizations are still facing the same malware threat, albeit a lot more sophisticated, destructive, and capable of triggering mass outbreaks infecting thousands of systems at a time.
The ferocity of recent malware campaigns is forcing organizations to re-evaluate their internet access policies and web use requirements.
The attack surface for IT has become unmanageable because of the inherent security vulnerability of locally installed web browsers, which are tightly integrated with the local operating system.
78% of all known malware propagates through the web browser. Yes, most businesses deploy a growing arsenal of anti-malware solutions. No, it hasn't made a dent. Sophisticated ransomware variants have become a constant threat.
For heavily regulated industries such as banking, legal services, insurance, and healthcare, where IT compliance is critical to the business, malware is one of the top two or three IT priorities for organizations to tackle.
A few years back, in 2016, we asked on this blog: Ransomware in 2020: Still a Threat? Fast forward to 2019, and we find that the answer may well be “more so than ever.” That means for companies to prevent severe reputational and financial damages, they find themselves under increasing pressure to fundamentally change their approach.
Reactive vs. Proactive Security Models
Reactive security controls such as Antivirus software (AV), content inspection, and web filtering work only when vendors are aware of a particular threat and have applied the necessary updates to signature files and heuristic engines have been applied.
However, it's when Zero-Day attacks happen or content filtering fails that the reactive security model breaks down. This allows malware to pass undetected and spread havoc far and wide.
This failure of reactive solutions is nothing new. The signature update vulnerability window has always been there. Even with all patches applied and the signatures up-to-date, malware slips through and systems become compromised.
While the "malware-to-signature-creation" vulnerability gap keeps getting narrower, this has not been enough to stop determined attacks or sophisticated malware.
One example is the WannaCry ransomware, which exploited a security hole in the file transfer protocol used in Microsoft networks and completely crippled whole organizations.
Should Companies Restrict Internet Access at Work?
Some businesses have terminated personal browsing rights for employees in an attempt to mitigate the threat of ransomware infection via the browser.
This heavy-handed approach to ransomware protection reduces such infections considerably. Research shows that there's a considerable downside, though: employee morale and productivity suffer.
Granting employees access to the web has always been a double-edged sword. Traditionally, employers had to find a balance between the company’s security needs on one side and their employees’ need to access web resources to stay productive.
Wanted: Ransomware Prevention That Works
To date, ransomware is responsible for hundreds of millions of dollars in lost revenue and mitigation costs - and the number of victims and costs keep rising.
In August, 23 state and local government entities in Texas were hit by ransomware in a coordinated attack from a single source. Their operations practically ground to a halt.
The Baltimore City ransomware attack in May of 2019 has cost over $18 million to date. Three months later, affected services and billing systems were still struggling to get back to normal.
While ransomware isn’t the only web-borne threat, it is the one that has companies most worried.
IT departments have started to look more closely at alternatives to the reactive cybersecurity approach, beyond the block-and-tackle solutions that require time-consuming deployment, configuration, and constant fine-tuning.
Proactive solutions have proven to be more effective and require less time and fewer resources, with “set and forget” configurations and little or no rule updates to worry about.
Web Isolation with a Zero Trust Browser
Rather than restricting or shutting off access to web resources for employees, Zero Trust Browsers such as Silo by Authentic8 enable organizations to safely and securely grant access to the internet. This empowers them to leverage the web without incurring the risks associated with traditional, stand-alone browsers.
With Silo, all web content is isolated and executed in a disposable cloud container. No code from the web can touch the endpoint, which eliminates the risk of web-borne ransomware infections or re-infections following a system restore.
Zero Trust Browsers like Silo more manageable and configurable for enterprise environments, including remote workers and third-party contractors.
Silo enables IT and compliance teams to embed policies in the browser and also provides a real-time window into web activities through encrypted, centralized logging. Silo meets both internal and external audit requirements.
Reactive solutions just can't keep up. It's time to learn from more than 30 years of malware and browser vulnerabilities and move on. Is your business ready to forego ineffective reactive solutions, in favor of a proactive security posture?