It wasn’t so long ago that an IT manager who loaded the latest anti-virus software onto all the company’s computers could sleep soundly at night, confident the security of the enterprise was assured.
But the technology landscape has changed markedly in recent years, with new and sophisticated attacks working around and through security defences. In a darkly ironic twist, Fortinet’s Q3 2017 Threat report highlights the fact that hackers are increasingly targeting the anti-virus software intended to repel them as the new doorway to steal an organization’s most sensitive data.
Dark opportunities for cyber criminals
The best antivirus software scans files in real time as they are opened and detects viruses by matching previously identified versions and then looking for similar strains. Like all software, antivirus software needs to be kept updated, but too frequently this is overlooked. The AV can only protect against the history it recognizes. Without timely updates, which include information about new attacks as well as fixes to unintentional flaws found in programs, the risk of a security breach increases.
And then there is the issue of zero-day vulnerabilities. FortiGuard Labs, which delivers security services for Fortinet, uses data collected from more than three million sensors around the globe to protect more than 320,000 customers every day. The lab has discovered over 500 zero days, including three in the most recent quarter.
A zero-day vulnerability is a software programming error or configuration that does not have an official patch or update to fix the issue. If hackers become aware of the vulnerability and exploit the weakness to gain access to data, the attack is referred to as a zero-day attack.
Discovering a vulnerability is a race: either the users and developers discover it and have time to create the patch or update, or hackers capitalize on the vulnerability and attack.
Antivirus software is one of the most complicated applications. It is forced to deal with hundreds of file types and formats with the expectation it will guard against some of the strongest, most intelligent viruses ever, without any prior knowledge of similar attacks.
Time to act
While most experts still recommend installing AV software, most caution it should only be part of a multi-faceted approach. It will not stop everything, but it “will keep the noise down.”
You can protect your system and your antivirus by:
- Ensuring all software and security patches are up to date. Download the latest releases and updates to install the patches, and fix the bugs that previous versions may have missed;
- Being vigilant about personal online security best practices; and
- Auditing all security settings for your computer(s), including for the operating system, internet browser(s), and software.
While security tools are intended to help protect you, they can be vulnerable to exploits as well. It is imperative that firms ensure their security solutions are updated and patched as necessary. No connected machine is immune from attack.