5 Things Your Antivirus Won't Protect You From


Tech Insights for Professionals - The latest thought leadership for IT pros

Thursday, August 23, 2018

Antivirus is an essential first line of defense against cyber-attacks - but there are many threats it won't protect you from. Here are five key risks to be aware of.


Every month, it seems there are reports in the news about another major business falling victim to some form of cyber-attack. The biggest breaches can affect millions of customers, and be hugely costly for companies, both in terms of financial losses and reputational damage.

This threat is not reserved for the largest organizations. For instance, Verizon's 2017 Data Breach Investigations Report found that 61 percent of firms that fall victim have under 1,000 employees. Therefore, it's vital for businesses of all sizes to have a comprehensive security plan in place to protect them from these growing threats.

For many companies - especially less sizeable enterprises - a central pillar of this plan will be antivirus software. This is often seen as the first line of defense against threats, but are businesses relying too heavily on this alone? If you are securing your house, there's no point adding a high-security lock to the front door if you leave the windows wide open - yet this is exactly what businesses will be doing if they don't have a comprehensive security plan.

There are many dangers out there that traditional antivirus won't be able to stop, so if businesses are placing all their faith in these tools, they may be leaving themselves exposed. Here are five key threats antivirus won't protect you from.

Compromised devices

For many businesses, their IT estate is no longer limited solely to devices that have been purchased, approved and installed by the IT department. For instance, a large number of firms now operate - with varying degrees of oversight - bring your own device (BYOD) programs that enable employees to use personally-owned devices, including laptops, smartphones, tablets and even storage devices like USB sticks, within the business. If not properly managed, these devices could be an easy entry point for malware if they are compromised.

Malicious insiders

One particularly challenging aspect of security for any business is the risk of malicious insiders. This could involve individuals accessing customer data they are not supposed to, stealing intellectual property or even actively sabotaging systems. Antivirus won't help with this, but businesses can still mitigate this risk with monitoring tools that can highlight any unusual activity, such as employees making changes in applications or repeatedly accessing certain files.

Advanced persistent threats

Advanced persistent threats (APTs), one of the most dangerous risks facing businesses today, are highly sophisticated attacks that are often engineered specifically to avoid detection by standard antivirus and antimalware defenses. Such threats could lie dormant within a network for weeks or even months after being introduced, before their controllers activate them in order to scour networks for valuable data. Once inside a network, they can be hard to track, but there are a few telltale signs, such as files being accessed at unusual times, or large transfers of data, that can alert a business to an APT's presence.
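The telltale signs named above (files accessed at unusual times, large transfers of data), together with the repeated file access mentioned under malicious insiders, can be checked against file-access logs. The Python below is an added example, not part of the original article; the log format, thresholds and sample records are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Assumed thresholds; tune them to your own baseline.
WORK_HOURS = range(8, 19)        # 08:00-18:59, Monday to Friday
REPEAT_LIMIT = 5                 # reads of one file per user per day
TRANSFER_LIMIT = 500_000_000     # bytes uploaded per user per day

# Constructed sample records: timestamp user action path bytes
SAMPLE_LOG = "\n".join(
    [
        "2018-08-20T10:15:00 alice read /finance/q2.xlsx 48000",
        "2018-08-21T02:40:00 carol read /eng/design.dwg 120000",
        "2018-08-21T14:00:00 dave upload /eng/archive-1.zip 300000000",
        "2018-08-21T15:00:00 dave upload /eng/archive-2.zip 350000000",
    ]
    + [f"2018-08-20T11:0{i}:00 bob read /hr/salaries.csv 9000" for i in range(6)]
)


def find_anomalies(log_text):
    """Return sorted (user, signal, detail) tuples for the three signs."""
    alerts = set()
    reads = Counter()   # (user, day, path) -> number of reads
    sent = Counter()    # (user, day) -> bytes uploaded
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue    # skip malformed records instead of crashing
        ts_raw, user, action, path, size = fields
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue
        day = ts.date().isoformat()
        # Sign 1: access outside working hours or at the weekend.
        if ts.weekday() >= 5 or ts.hour not in WORK_HOURS:
            alerts.add((user, "off-hours access", path))
        if action == "read":
            # Sign 2: the same user reading the same file over and over.
            reads[user, day, path] += 1
            if reads[user, day, path] > REPEAT_LIMIT:
                alerts.add((user, "repeated access", path))
        elif action == "upload":
            # Sign 3: a large volume of data leaving in one day.
            sent[user, day] += int(size)
            if sent[user, day] > TRANSFER_LIMIT:
                alerts.add((user, "large transfer", day))
    return sorted(alerts)
```

Calling `find_anomalies(SAMPLE_LOG)` flags bob, carol and dave and leaves alice's single working-hours read alone.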

Social engineering and user errors

Often, the easiest way for criminals to gain access to a business's network is not by developing complex malware tools, but by tricking individual employees into giving them the info they need. Social engineering attacks such as spear-phishing are an increasingly effective way of gaining access to sensitive data. Even if companies have tools in place to detect these, attackers taking advantage of poor user practices and mistakes - such as easy-to-guess passwords or failure to change default settings - can be highly effective and may undo all the good work businesses do to protect their systems.

DDoS attacks

Distributed denial of service (DDoS) attacks generally don't set out to steal data - though this is an increasingly common effect of such efforts. Rather, their main purpose is to disrupt the working of a business by overwhelming its servers with traffic until they can't cope. This means downtime for critical systems, which leads directly to lost revenue and poor customer service until the attack is halted or successfully blocked. DDoS attacks increased by 91 percent last year and antivirus tools will be unable to do anything about these types of attacks, so firms will need to invest in dedicated solutions for stopping them.
