Apr 23, 2012
Any discussion of external threats to our data will include terms describing different types of malicious software that can infest your network. Most of these destructive programs have targeted Microsoft Windows based machines. However reports have been coming in of late that Apple and Android based tablets, smartphones, and Apple PC’s are being affected as well. I have also heard that video conferencing, GPS systems, and gaming console are also being targeted.
- Malware – Malware (which is short for malicious software), is a blanket term referring to a program designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems.
- Virus – A computer virus is a malware program that can replicate itself and spread from one computer to another. Viruses can increase their chances of spreading to other computers by infecting files on a network that is accessed by other computers. One of the most infamous viruses was the Melissa virus in 1999. It was passed in Word Macros. It is estimated that the Melissa virus did over $80 million dollars in damages by slowing down networks, altering data on computer hard drives, and physically damaging some of the drives. In particular, it brought mail servers down as they crumbled under the increased load of replicating the virus to people on the end user’s address books.
- Spyware – This is a type of malware that collects information about users without their knowledge. The worst type of spyware is a keylogger. Keyloggers record all of your keystrokes and send them to a hacker. In this fashion they can obtain, logon ID’s, passwords, credit card and banking information.
- Adware – This type of malware is designed to show unwanted pop-ups. It generates revenue for its creators by showing paid advertisements. Another type of adware is shareware. Typically shareware is downloaded as a free program supported by advertisements. You may be offered the opportunity to buy a version of the product that does away with the advertising pop-ups.
- Phishing – Phishing involves sending email messages that seem to come from trusted sources and attempts to harvest confidential user data. This type of malware needs significant end user cooperation to be successful. Confidential information is not stolen by the software as much as offered to the hacker by the end user. The Nigerian scam is a good example of this.
- SPAM – This is a term derived from Spiced Ham and is a precooked meat product made by Hormel Foods Corporation first introduced in 1937. It also is a term referring to using electronic messaging systems to send unsolicited bulk emails indiscriminately. The term comes from a Monty Python skit in which Spam is included in almost every dish. If you are not filtering your incoming emails to weed out the SPAM, it is likely that your end users are getting bombarded with dozens, or even hundreds, a day. This can waste valuable work time as they attempt to discern the good emails from the SPAM emails.
To protect yourself from these types of threats, you need to take a layered approach from multiple vendors. The solutions can be in hardware devices or software installed on a server. Usually the first line of defense is a firewall. The firewall will filter traffic before it enters your network. If malware makes it past your firewall, the next defense may specifically filter incoming email before it gets to your mail server. There may also be a device that specifically targets internet browsing. The last line of defense is a good malware scanning software package that protects your workstations and servers. Most vendors will offer devices or software that perform all of these functions. The problem is a vendor will use the same technology for all of their products. If a type of malware is not detected at one level, chances are it will not be detected by subsequent levels. Using different vendors at each level increases the chances that the majority of malware will be stopped before it does any damage.
Hopefully, I’ve been able to clarify some of the terms that come up during a discussion about cyber-security. The protections I have mentioned have been used successfully to mitigate some of these risks. If these measures do fail, your best protection is a cyber-security policy. Do your best to protect your company’s information from loss, and do your best to protect them when the loss inevitably occurs.