5 reasons why antivirus fails to protect small business

Antivirus fails to protect Small Business for these 5 Reasons

All small businesses know they should be using antivirus. Cyber security experts suggest that antivirus is an excellent first step to protecting your business from malicious software, also called malware. There are many types of malware used by criminals, such as one that will steal money from your banking account (called a banking trojan -- like a modern trojan horse), or encrypt all your systems holding you to ransom (called ransomware). 

However, it has been found that cybercriminals are now improving and modifying this malicious software to defeat most of these products sometimes on an hourly basis. Often this results in an infected computer which has protection installed. This problem is why we developed our Cyber Safety Service to give small business the capabilities of an enterprise (read more about our network monitoring and vulnerability scanning).

Below we will explain 5 reasons why it doesn’t stop current infections and doesn’t mitigate all risks for small businesses.

1. They only test a subset of known viruses

Most of these products have a plethora of signatures for viruses that they have analysed over many years. The problem is that using them all, every time a program is run or file accessed, would bring everyone’s computer to a halt much like a traffic jam. The challenge they face is that each of these signatures has to be run one after another, on every single file on your computer. This happens when a scan performed or when to a new file is executed (most programs you use have hundreds of files that all need checked each time you run them).

Over time, most of these products have been running hundreds of thousands of checks or signatures they need to use against every single file. Even for a simple program to run on your computer, it would result in it taking hours to load and run, which is entirely unusable for most people. As a result, only a small subset of these are possible to run, and most will run only a tiny subset of signatures about 10000-20000 and look for the most recent. As the malware or virus changes, they may need to have 5-20 signatures for one type of ransomware or other malicious software. The result is they are only able to pick up possibly 20% of all the currently known viruses let alone all the new ones coming out daily. They need to do this to balance the usability vs detection balance.

This is not a problem for network-based security, where we can run billions of signatures in the cloud without impacting your laptop.

2. There is a delay for new campaigns

When a new or unknown virus appears (referred to as being “in the wild”) and they start impacting people, it takes a period of time before a new signature is able to be created. They first need one of their products to pick up a strange behaviour and send the sample of the suspected file in to be analysed or alternatively have it sent to them by a third party.

These campaigns can occur on a weekly basis and are there are usually a number of new campaigns for banking trojans (malicious software waiting for someone to connect online to their bank and stealing their money) or Ransomware. These can take days if not weeks to be able to be detected and this leaves a window of opportunity in which is too late for most organisations. Their behavioural and heuristic detections are being bypassed and tricked so not always able to detect the new threats and only if configured as per point 3.

Through our extensive community of users, we can see patterns in interactions with the internet before an attack happens and quickly identify malicious files involved in this before they cause damage.

Check out how our Cyber Safety Service provides visibility of these changing campaigns.

3. Organisations don’t enable active scanning due to performance issues

In most cases, organisations will not enable it to actively scan any running program but only scan every night to reduce the impact on their users. This will often result in the most serious threats such as Ransomware already impacting the business and caused damage before running.

Having a security solution that gives you the protection you need without impacting your business performing as needed is key for small businesses to compete with peers. Network-based security takes the load off your servers and mission-critical systems but still provides the security you need. Large banks and financial traders have used this security capability for decades. 

Check out how our Cyber Safety Service can see attacks without impacting performance.

4. Not all attacks on are virus based

Although we hear about Ransomware and infected systems there are many attacks which are either based off phishing which allows attackers to steal user’s legitimate credentials to email and systems or have security vulnerabilities that are directly exploited by cybercriminals. This is not able to be protected by an anti-virus solution. Small businesses need to have something that checks all their computers to ensure they have the latest software and not at risk of being hacked.

When a file is not used your antivirus is sitting around delivering no value. Complementing this with an advanced AI enhanced network-monitoring can identify file-less malware and help you stay ahead of the criminals. 

Check out our Cyber Safety Service which identifies remote attackers targeting laptops in your business.

5. Most criminals test their attacks against popular antivirus products.

Most of the malware criminals use in new campaigns against businesses are tested in what they call farms which tests their new attacks against the majority of products on the market to ensure that they are effective before they are sent to you.

This in addition to the use of small batches means that often they are undetectable for a while due to issue 2 the delay in companies getting signatures. With a smaller batch that is tested to not be detected, it takes the vendors longer to get a sample and create a signature.

Our detection capabilities are in our cloud, not a piece of software any criminal can download. Check out our network security monitoring capability.

Summary

Overall it can be a useful tool for small business to have installed however it is only one small subset of the capabilities small businesses need, to protect themselves against the threats they face from cybercriminals. They need to have more advanced and adaptive products that can analyse and detect evolving threats and at a network layer as well as on individual computers, looking for more than just the files.

They need to be predictive of new attacks and campaigns which is why we have created our “Cyber Safety Service” to help identify internal vulnerabilities of systems which would not be identified by antivirus or traditional controls such as firewalls, as well as monitoring for new and previously unknown viruses or malware through AI and advanced machine learning.

To see a new way to manage security from these threats see how we help you with Risk Management or learn more about Cyber Security.

If you are looking for a quality antivirus or anti-malware product, we recommend the one we use which is Malwarebytes for Small Business.