5 reasons why antivirus fails to protect small business
Antivirus fails to protect Small Business for these 5 Reasons
All small businesses know they should be using antivirus, and this is often seen as a good first step to protecting your business from malicious software that will steal money from your bank account or encrypt all your systems and hold you to ransom. However, it has been found that cybercriminals are now improving and modifying this malicious software to defeat most of these products, sometimes on an hourly basis. Often this results in an infected computer that has protection installed. This is why we developed a world-leading Security-Operation-Center in a box to give small business the capabilities of an enterprise (read more about our network monitoring and vulnerability scanning).
Below we will explain 5 reasons why it doesn’t stop current infections and doesn’t mitigate all risks for small businesses.
1. They only test a subset of known viruses
Most of these products have a plethora of signatures for viruses that they have analysed over many years. Using them all every time would bring everyone’s computer to a halt, much like a traffic jam. The challenge they face is that each of these signatures has to be run one after another on every single file on your computer that it wants to check, whether in a scan or when a new file is executed (most programs you use have hundreds of files that all need to be checked each time you run them). Over the time most of these vendors have been running, they have accumulated hundreds of thousands of checks or signatures that they would need to use against every single file. Running them all would mean a simple program taking hours to load and run, which is completely unusable for most people. As a result, most products run only a small subset of signatures, about 10000-20000, and look for the most recent. As the malware or virus changes, they may need to have 5-20 signatures for one type of ransomware or other malicious software. This means that they are only able to pick up maybe 20% of all the currently known viruses, let alone all the new ones coming out on a daily basis. They need to do this to balance usability against detection.
This is not a problem for network-based security where we can run billions of signatures in the cloud without impacting your laptop.
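The trade-off in reason 1, as an added illustration that is not part of the original article: a toy scanner runs each signature in turn against each file, first with a full database and then with only the most recent signatures active. The signature names, marker strings, sample files and the limit of 2 are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes   # byte sequence the scanner searches for
    added_day: int   # day the signature was created (constructed value)


# Constructed database: 10 signatures using harmless marker strings.
DATABASE = [
    Signature(f"sig-{i:02d}", f"MARKER-{i:02d}".encode(), added_day=i)
    for i in range(1, 11)
]

# Constructed "files": one per known sample, each carrying one marker.
SAMPLES = {
    f"sample-{i:02d}.bin": b"\x00header" + f"MARKER-{i:02d}".encode() + b"payload"
    for i in range(1, 11)
}


def active_subset(database, limit):
    """Keep only the `limit` most recently added signatures."""
    return sorted(database, key=lambda s: s.added_day, reverse=True)[:limit]


def scan_file(data, signatures):
    """Run every signature one after another; return (hits, checks performed)."""
    hits, checks = [], 0
    for sig in signatures:
        checks += 1
        if sig.pattern in data:
            hits.append(sig.name)
    return hits, checks


def coverage_report(samples, signatures):
    """Scan all samples and report what was detected and what it cost."""
    detected, total_checks = [], 0
    for name, data in samples.items():
        hits, checks = scan_file(data, signatures)
        total_checks += checks
        if hits:
            detected.append(name)
    return {"detected": sorted(detected),
            "coverage": len(detected) / len(samples),
            "checks": total_checks}


if __name__ == "__main__":
    print("full database:", coverage_report(SAMPLES, DATABASE))
    print("active subset:", coverage_report(SAMPLES, active_subset(DATABASE, 2)))
```

The work done grows with files times signatures, so trimming the active set cuts scan cost and detection coverage together.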
2. There is a delay for new campaigns
When a new or unknown virus appears (referred to as being “in the wild”) and starts impacting people, it takes a period of time before a new signature can be created. The vendors first need one of their products to pick up a strange behavior and send in a sample of the suspected file to be analysed, or alternatively have it sent to them by a third party. These campaigns can occur on a weekly basis, and there are usually a number of new campaigns for banking trojans (malicious software that waits for someone to connect online to their bank and then steals their money) or Ransomware. These can take days if not weeks to be detected, and this leaves a window of opportunity in which detection comes too late for most organisations. Their behavioural and heuristic detections are being bypassed and tricked, so they are not always able to detect the new threats, and only if configured as per point 3.
Through our extensive community of users, we can see patterns in interactions with the internet before an attack happens and quickly identify malicious files involved in this before they cause damage. Check out our brAIn box.
3. Organisations don’t enable active scanning due to performance issues
In most cases, organisations will not enable it to actively scan any running program but will only scan every night to reduce the impact on their users. This will often result in the most serious threats, such as Ransomware, having already impacted the business and caused damage before the scan runs. Having a security solution that gives you the protection you need without stopping your business from performing as needed is key for small businesses to compete with peers.
Network-based security takes the load off your servers and mission-critical systems but still provides the security you need. Large banks and financial traders have used this security capability for decades. Check out our brAIn box.
4. Not all attacks are virus based
Although we hear about Ransomware and infected systems, there are many attacks that are either based on phishing, which allows attackers to steal users’ legitimate credentials for email and systems, or on security vulnerabilities that are directly exploited by cybercriminals. An anti-virus solution cannot protect against these. Small businesses need to have something that checks all their computers to ensure they have the latest software and are not at risk of being hacked.
When a file is not used, your antivirus is sitting around delivering no value. Complementing this with advanced AI-enhanced network monitoring can identify file-less malware and help you stay ahead of the criminals. Check out our Cyber Safety Service.
5. Most criminals test their attacks against popular antivirus products.
Most of the malware criminals use in new campaigns against businesses is tested in what they call farms, which test their new attacks against the majority of products on the market to ensure that they are effective before they are sent to you. This, in addition to the use of small batches, means that they are often undetectable for a while due to issue 2, the delay in companies getting signatures. With a smaller batch that is tested to not be detected, it takes the vendors longer to get a sample and create a signature.
Our detection capabilities are in our cloud, not a piece of software any criminal can download. Check out our network security monitoring capability.
Overall it can be a useful tool for small business to have installed; however, it is only one small subset of the capabilities small businesses need to protect themselves against the threats they face from cybercriminals. They need to have more advanced and adaptive products that can analyse and detect evolving threats at a network layer as well as on individual computers, looking for more than just the files. They need to be predictive of new attacks and campaigns, which is why we have created our “Cyber Safety Service” to help identify internal vulnerabilities of systems which would not be identified by antivirus or traditional controls such as firewalls, as well as monitoring for new and previously unknown viruses or malware through AI and advanced machine learning.
Here are some good (some free) AV products we have used: