Staff: Your Best Asset and the Weakest Link in Your IT Security

Media Division | August 11, 2014

Despite the best efforts of IT departments, sometimes malware gets through to the end user. When this occurs, the end user is often unaware that they have become the victim of malware and that their actions may have a negative impact on their organisation.

This has as much to do with the techniques that the propagators of malware use as infection vectors as it does with the actual code itself. Most businesses now have anti-malware control measures in place to deal with the threats from removable devices and BYOD (bring your own device) equipment brought in by staff. Threats that are delivered by email scam can largely be nullified by using online email traffic scanning services, but malware that attempts to deliver itself via a webpage is a more difficult threat to counter.

The End User as “Decision Engine”

Web proxy technologies play a large part in stopping computers becoming infected, as do proper software updating policies. The difficulty with this, however, is a combination of zero-day vulnerabilities and webpage malware detection. For example, let’s say all users in a company have been given access to a small supplier’s webpage. If that supplier doesn’t manage their webserver correctly and it is hacked, malware can then be injected into the webpages. Once again, this can be countered by disabling JavaScript and similar technologies in each browser in the environment, but this could severely impact the ability of staff to view many websites.

At some point the end user may well become the “decision engine” that must decide if a message or pop-up is genuine or a sign of malware. This may come in the form of an email from a trusted friend or colleague, or via a webpage that they’ve used, without issue, for years. Social engineering may well play a part, and a “customer” may be simply desperate for them to print a PDF document. At this point the staff member’s decision-making will be critical in evading the potential threat.

Many companies issue IT guidance for exactly this situation in the form of staff training or documentation. In addition to that, anti-virus companies will often try to alert users to current threats. Sadly, no tactics can ensure 100% protection. This is evidenced by the fact that malware like the Sinowal Trojan still represents a real and present threat, even three years after its initial release.

Shifting Tactics

Should the user be duped at this point and fall victim to a malware infection, the results can be catastrophic. A shift in tactics from silent information gathering to outright ransom was heralded by the arrival of CryptoLocker. While not a new idea, it’s the first encrypting virus to have become mainstream and reach critical mass for many years. On top of its technical proficiency, it also hit media headlines, which may have helped take some of the sting out of the infection rates.

A fairly simple idea, this Trojan encrypts files and asks the user for a sum of money. The twist (and primary reason for any success) is that payment is via the Bitcoin digital currency, making the transaction totally untraceable. Actually paying up often results in the promise of an unlock key being kept. After all, if word got around that the perpetrators simply “took the money and ran”, fewer people would pay.

The problems don’t stop with the encryption of files on the hard disk of the infected PC. This family of malware (there are now many variants of the original, with talk of an easy-to-use “creation toolkit”) also locks down anything on USB storage, NAS drives and any network resources that the user has as mapped drives.

If you factor in the fact that many SMEs use file replication technology (DFS, for example) that replicates these encrypted files, overwriting other servers’ good data files with the junked files, then the potential disruption and destruction caused by just one poor choice from one unlucky user could be extremely significant.

There is no one perfect strategy that can totally mitigate the risk of malware to any business, but enabling your IT departments to work hand in hand with staff, so that they learn to become effective “decision engines” and understand the risks and likely attack methods, is a key part of the puzzle.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.