How to Protect Against Malware Infections: The Top Experts Speak

Malware: the annoying, hostile software whose main objective is to access or damage your computer system, usually without your knowledge as the owner. We’ve all heard of the famed Trojan horses, malware attacks and spyware that infiltrate your security infrastructure and usually either demand money to return important files or delete information altogether. Discovering a malware infection is never happy news. But that doesn’t mean you can’t be prepared and ready for such an incident. As we know, the longer it takes to fix a breach in security, the more costly it becomes for the company.

To help with useful advice, we’ve reached out to top cyber security experts in the field to share their tips. We asked them to share two important tips on protecting against malware infections. This is the question we posed:

What are your two pieces of advice for protecting against malware infections?

Meet our Panel of Cyber Security Experts:

Paul Evans
Jason Hoenich
Philip Banks
Trave Harmon
Blake Darché
Mike Baker
Lenny Zeltser
Michael Hall
Kip Boyle
Bryce Austin

PAUL EVANS

Paul Evans started his career as a lawyer in the UK with Shoosmiths in 1993, before realizing this was not the right vocation and moving into IT at the end of 1994 with Memory Technology, a storage company. Subsequently, Evans moved to the States with Shuttle Technology, ending up as Business Development Director for the USA and Japan. In 1998, Evans co-founded Redstor with Tony Ruane. In his current role, Evans is responsible for setting the strategic direction of the business and investigating and developing new business opportunities.

This is how best to protect against malware…

  1. Protecting against malware infections can be a tricky task; however, many of them still rely on a human element to initiate an attack, such as someone downloading or accessing a malicious file. Training staff on the dangers of a malware attack and how to spot a malicious file, attachment or email can help to reduce the chance of an infection taking place.
  2. Having a secure, off-site backup is also important for protecting against a malware infection. This will allow an organisation to recover data rather than paying a ransom or losing data entirely; an on-site backup is in danger of being infected by the malware, so the copy must be off-site and separate from the network the primary data sits on.

PHILIP BANKS

Banks Technology Services is based in Southwest Virginia and serves clients in the Roanoke, Blacksburg, and Lynchburg areas. They provide a full range of technology services to small/medium sized businesses and nonprofit organizations. Their goal is to use technology to make your business run better.

This is how best to protect against malware…

  1. User education is by far the best defense against malware infections. Most malware still requires a user to click on something to initiate the infection. Training your users on what is safe to click on, what is not, and how to tell the difference is critical to keeping your data safe.
  2. Employees should be using standard or limited user accounts, instead of accounts with administrative privileges. If the user account doesn’t have permissions to execute programs, malware is normally stopped in its tracks.

BLAKE J. DARCHÉ

Blake Darché started his career at the National Security Agency in the field of Computer Network Operations. Since then, Blake has worked for CrowdStrike as an Incident Response Lead and has co-founded Area 1 Security, an anti-phishing company focused on stopping phishing attacks comprehensively and preemptively.

This is how best to protect against malware…

The two predominant malware distribution mechanisms today are phishing and remote-based attacks. Comprehensive anti-phishing technology is key to disrupting multi-vector phishing attacks coming through social media, web or email. Additionally, a robust and strong vulnerability management program and firewalls with properly configured ACLs are the best way to protect against remote attacks from the outside.

MIKE BAKER

Mike Baker is Founder and Managing Partner at Mosaic451, a managed cyber security service provider (MSSP) with expertise in building, operating and defending some of the most highly-secure networks in North America. Baker has decades of security monitoring and operations experience within the US government, utilities and critical infrastructure.

This is how best to protect against malware…

  1. Businesses can protect themselves against malware by investing in clean email services that work in conjunction with cloud email providers like Gmail or Microsoft. These companies front-end your corporate cloud mail services and filter out spam, phishing and malware before it enters your email system. The second step is to install strong endpoint protection software that can stop ransomware/malware from being installed. This software not only protects against viruses but can block suspicious behavior on your endpoints before it can cripple your business.
  2. Limit Access to Consumer Data — employees should be able to access only those systems and data that they absolutely need to perform their jobs. So that all activity can be traced to a particular user, each employee should have a unique access ID and should be authenticated using a strong password or passphrase, biometrics, or a token device or smart card. Strong cryptography should be used to render all passwords unreadable during storage and transmission. Physical access to systems and consumer data should also be restricted to prevent employees and building visitors from accessing or removing devices, data, systems, or hardcopies.

LENNY ZELTSER

Lenny Zeltser is Vice President of Products at Minerva Labs, an Israel-based provider of endpoint security solutions. Zeltser is a seasoned business and tech leader with extensive experience in IT and security. As Vice President of Products at Minerva Labs, Zeltser designs and builds creative anti-malware products. Lenny is also a senior instructor at SANS and the primary author of FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques, a course he designed as an on-ramp into the malware analysis field.

This is how best to protect against malware…

  1. Incident response teams need to look for ways to more actively combat malicious presence in the enterprise, going beyond the practice of merely identifying which systems might have been compromised. Such steps might entail misdirecting or slowing down adversaries and their tools. A related example might involve vaccinating systems against specific malware families, “persuading” malware that it’s already on the system to prevent the infection in the first place.
  2. It’s especially useful to seek situations where deception could be used to not only detect an attack, but prevent damage in the first place. For instance, evasive malware is often programmed to shut itself down if it detects forensics tools or an analysis sandbox. Defenders who fake the corresponding artifacts can fool malware into believing that it’s being analyzed, causing it to terminate itself. Such techniques supplement baseline protection provided by anti-malware tools. In another example of deception on the endpoint, defenders can vaccinate systems against malicious software designed to avoid infecting the host more than once by mimicking the associated infection markers. It’s generally easier to fool computer software than a person, which makes these deception methods less risky than those that engage a human adversary. As a result, defenders can create a stronger asymmetry.
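
The vaccination idea Zeltser describes, sketched as an added example (not from the article, its panel, or any vendor's product). It assumes the infection marker is a file at a known path; the marker names are constructed placeholders, since real ones come from analysis of a specific malware family.

```python
import os
import stat
import tempfile
from pathlib import Path

# Constructed placeholder marker paths (assumption): this page names no
# malware family, so these stand in for markers found by real analysis.
EXAMPLE_MARKERS = ["ProgramData/placeholder_family_a.lock",
                   "Users/Public/placeholder_family_b.dat"]


def plant_markers(root, markers):
    """Create each marker file under root, read-only; return a status per marker."""
    results = {}
    for rel in markers:
        path = Path(root) / rel
        if path.is_dir():
            # The name is taken by a directory: never overwrite, report it.
            results[rel] = "conflict"
            continue
        if path.exists():
            # On a first rollout this deserves investigation: the marker
            # may have been left by a real infection, not by this tool.
            results[rel] = "present"
        else:
            path.parent.mkdir(parents=True, exist_ok=True)
            path.touch()
            results[rel] = "created"
        # Read-only, so routine cleanup is less likely to remove the marker.
        os.chmod(path, stat.S_IREAD)
    return results


def missing_markers(root, markers):
    """Audit step: markers that are absent, i.e. where the vaccine has lapsed."""
    return [rel for rel in markers if not (Path(root) / rel).is_file()]


def sample_would_skip_host(root, marker):
    """Models only the 'am I already here?' check described in the quote."""
    return (Path(root) / marker).exists()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        print(plant_markers(root, EXAMPLE_MARKERS))    # first run: created
        print(plant_markers(root, EXAMPLE_MARKERS))    # second run: present
        print(missing_markers(root, EXAMPLE_MARKERS))  # nothing missing
```

Running `missing_markers` on a schedule matters as much as the initial planting, because a vaccine that has been silently removed protects nothing.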

MICHAEL HALL

Michael Hall is Chief Information Security Officer (CISO) at DriveSavers Data Recovery. Hall directs and implements policies and procedures concerning the privacy and security of all data at DriveSavers, including highly critical data from government agencies, major corporations and research laboratories. Hall was instrumental in helping NIST, FDIC, OTS and BITS identify the risks of improper screening of data recovery providers.

This is how best to protect against malware…

  1. Besides updated antivirus software, being proactive in providing regularly scheduled training and information to all company personnel on the dangers of ransomware is imperative.
  2. In addition, regularly scheduled data backups, and testing to ensure devices and software are appropriately configured and working properly.

KIP BOYLE

Kip Boyle is a former CISO and now CEO of Cyber Risk Opportunities, which helps executives become better cyber risk managers.

This is how best to protect against malware…

The best way to protect against malware infections is to use a non-administrator account for your daily computing. Over 90% of malware expects the victim to be using an admin account.

BRYCE JOSEPH AUSTIN

Bryce Austin is the CEO of TCE Strategy, a cyber security advisory firm based in Minneapolis, and author of the book Secure Enough? 20 Questions on Cybersecurity for Business Owners and Executives.

This is how best to protect against malware…

Basic cyber security hygiene is essential to preventing malware, such as keeping servers and workstations patched with the latest security updates. Even more important is removing local administrator rights from users’ desktops and laptops. A good cyber security awareness training program is most important of all.

JASON HOENICH

Jason Hoenich’s the guy behind world-class awareness programs used by mom-and-pop companies like Walt Disney and Sony Pictures Entertainment, as well as the creator of Habitu8’s wildly popular and infectiously funny Hashtag Awareness video series. His oratory prowess has made him a hot ticket on the security awareness circuit, but his talents reach far beyond the realm of coveted public speaker.

This is how best to protect against malware…

  1. Corporate: Educating end users is one of the most powerful ways to help reduce things like malware infections. Using funny, engaging content like short & funny videos, and engaging them with unique and interesting experiences can help to create a culture of security within your organization. Highlighting that users should report any weird stuff happening (and that they won’t be in trouble either). Security awareness is a must. Removing administrative privileges from user accounts. This can prevent nearly 95% of all occurrences of ransomware, malware etc. if the end users don’t have the ability to run programs like executables and system admin level tasks.
  2. Personal: Install both AV and malware-scanning software (Avast and Malwarebytes come to mind, and are free). These are the minimal effort you can take to protect yourself from the most common attacks. Keep those suckers updated! Set your security settings to require you to authenticate with an admin password to install any programs. While this will result in an extra step to install software, doing so can help trigger that “wait, I didn’t want to install something” moment.

TRAVE HARMON

Trave Harmon is the CEO of Triton Technologies, founded in 2001. Triton supports businesses, entities, and government clients worldwide.

This is how best to protect against malware…

  1. Constant updates through a remote management and monitoring tool. We utilize a product called ConnectWise Automate for thousands of our clients and not a single one got a crypto or malware infection because of outdated software.
  2. Bottom-up approach. You give people just enough rights on their computer to do their job and not just handing out at the level permissions willy-nilly.

READ MORE IN THE SERIES:
Cyber Security in 5 Years: The Top Experts Speak
Top Job Habits Every Cyber Security Expert Should Adopt: The Top Experts Speak
Important Takeaways From the WannaCry and NotPetya Cyber Attacks: The Top Experts Speak
What Computer Security Experts Wish You Knew: The Top Experts Speak
Cyber Security Predictions for 2018: The Top Experts Speak

Megan Thudium

Megan Thudium is a Berlin-based writer with a passion for curating actionable and enlightening content for business leaders. A seasoned author, her latest works encompass topics in travel, business and information security. Follow Megan on twitter @megan_thudium.
