Antivirus fails to protect Small Business for these 5 Reasons
All small businesses know they should be using antivirus, and it is often seen as a good first step towards protecting your business from malicious software that will steal money from your bank account or encrypt all your systems and hold you to ransom. However, it has been found that cybercriminals are now improving and modifying this malicious software, sometimes on an hourly basis, to defeat most of these products. Often this results in an infected computer that has protection installed.
Below we explain 5 reasons why antivirus doesn't stop current infections and doesn't mitigate all risks for small businesses.
1. They only test a subset of known viruses
Most of these products hold a plethora of signatures for viruses they have analysed over many years, and using them all every time would bring everyone's computer to a halt, much like a traffic jam. The challenge is that each signature has to be run, one after another, against every single file the product wants to check, whether during a scan or when a new file is executed (most programs you use have hundreds of files that all need to be checked each time you run them). Over the time most of these vendors have been operating, they have built up hundreds of thousands of checks, or signatures, that would need to be applied to every single file. A simple program would then take hours to load and run, which is completely unusable for most people. As a result, most products run only a small subset of signatures, about 10000-20000, and look for the most recent threats. As the malware or virus changes, they may need 5-20 signatures for one type of ransomware or other malicious software. This means they are only able to pick up maybe 20% of all the currently known viruses, let alone all the new ones coming out on a daily basis. They do this to balance usability against detection.
2. There is a delay for new campaigns
When a new or unknown virus appears (referred to as being “in the wild”) and starts impacting people, it takes a period of time before a new signature can be created. The vendor first needs one of its products to pick up strange behaviour and send in a sample of the suspected file for analysis, or alternatively to have it sent in by a third party. New campaigns can occur on a weekly basis, and there are usually a number of new campaigns for banking trojans (malicious software that waits for someone to connect online to their bank and then steals their money) or ransomware. These can take days, if not weeks, to become detectable, which leaves a window of opportunity, and by then it is too late for most organisations. Behavioural and heuristic detections are also being bypassed and tricked, so they are not always able to detect new threats, and only if the product is configured as per point 3.
3. Organisations don’t enable active scanning due to performance issues
In most cases, organisations will not enable antivirus to actively scan running programs and will instead only scan every night, to reduce the impact on their users. This often means that the most serious threats, such as ransomware, have already impacted the business and caused damage before the scan runs. Having a security solution that gives you the protection you need without getting in the way of your business performing as needed is key for small businesses to compete with their peers.
4. Not all attacks are virus based
Although we hear a lot about ransomware and infected systems, many attacks are instead based on phishing, which allows attackers to steal users' legitimate credentials for email and other systems, or on security vulnerabilities that cybercriminals exploit directly. An antivirus solution cannot protect against these. Small businesses need something that checks all their computers to ensure they have the latest software and are not at risk of being hacked.
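One way to run the check described in point 4, as an added example that is not part of the original article or of any product it mentions: a Python audit that compares each computer's installed software against a minimum-version baseline. The hostnames, product names, version numbers and function names are all constructed for illustration.

```python
# Added example: patch-level audit over a software inventory.
# All hostnames, product names and version numbers below are constructed.
import re

# Minimum acceptable version per product (hypothetical baseline).
BASELINE = {
    "example-browser": "118.0.2",
    "example-pdf-reader": "23.6",
    "example-mail-client": "5.10.1",
}

# Constructed inventory: host -> {product: installed version}
INVENTORY = {
    "front-desk-pc": {"example-browser": "118.0.2", "example-pdf-reader": "23.10"},
    "accounts-pc": {"example-browser": "117.9.9", "example-mail-client": "5.10.1"},
    "owner-laptop": {"example-pdf-reader": "unknown", "example-mail-client": "5.9"},
}

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if unparsable."""
    if not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        return None
    return tuple(int(p) for p in text.strip().split("."))

def is_outdated(installed, minimum):
    """Compare numerically, padding so that 23.6 == 23.6.0 and 23.10 > 23.6."""
    a, b = parse_version(installed), parse_version(minimum)
    if a is None or b is None:
        return True  # cannot prove it is current: flag for manual review
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def audit(inventory, baseline):
    """Return sorted (host, product, installed, minimum) findings."""
    findings = []
    for host, software in inventory.items():
        for product, installed in software.items():
            minimum = baseline.get(product)
            if minimum is not None and is_outdated(installed, minimum):
                findings.append((host, product, installed, minimum))
    return sorted(findings)

if __name__ == "__main__":
    for host, product, installed, minimum in audit(INVENTORY, BASELINE):
        print(f"{host}: {product} {installed} is below {minimum}")
```

Versions are compared numerically rather than as text, so 23.10 is correctly treated as newer than 23.6, and an unreadable version is flagged for review instead of being assumed current.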
5. Most criminals test their attacks against popular antivirus products
Most of the malware criminals use in new campaigns against businesses is tested in what they call farms, which test new attacks against the majority of products on the market to ensure that they are effective before they are sent to you. This, in addition to the use of small batches, means that the malware is often undetectable for a while because of issue 2, the delay in companies getting signatures. With a smaller batch that has been tested to avoid detection, it takes the vendors longer to get a sample and create a signature.
Overall, antivirus can be a useful tool for a small business to have installed. However, it is only one small subset of the capabilities small businesses need to protect themselves against the threats they face from cybercriminals. They need more advanced and adaptive products that can analyse and detect evolving threats at the network layer as well as on individual computers, looking for more than just files. These products need to be predictive of new attacks and campaigns, which is why we have created the “brAIn box” to help identify internal vulnerabilities in systems that would not be identified by antivirus or traditional controls such as firewalls, as well as to monitor for new and previously unknown viruses or malware through AI and advanced machine learning.
To see a new way to manage security against these threats, see our “brAIn box”.
Here are some good (some free) AV products we have used: