Malware: definition, types, affected industries | Myra

Create backups

In general, all companies must protect critical records from malware attacks or other possible data breaches. Backups should be updated regularly and, preferably, stored redundantly in multiple copies. Furthermore, it is advisable to store backups at different locations to achieve geo-redundancy, which also protects them from fire, water damage, natural disasters, and other outside influences. Depending on the type and scope of the backups, saving them to a private or public cloud is also an option.

Malware scanners

Scanning software that detects malware at an early stage and keeps it away from systems has also become well established. These security tools usually identify malicious programs by computing hash values of files and comparing them with the hash values of known malware.
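
The following Python example, added here and not taken from the original page or from any scanner product, shows the hash comparison described above: it computes a hash for every file under a directory and looks it up in a list of known-malware hashes. The function names, the signature label and the sample files are constructed for illustration, and SHA-256 is an assumption, since the page does not name a hash algorithm.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_tree(root, known_bad):
    """Return (hits, unreadable): hits maps relative path -> signature label."""
    root = Path(root)
    hits, unreadable = {}, []
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # skip symlinks and anything that is not a regular file
        rel = path.relative_to(root).as_posix()
        try:
            label = known_bad.get(sha256_file(path))
        except OSError:
            unreadable.append(rel)  # report it: an unscanned file is not a clean file
            continue
        if label is not None:
            hits[rel] = label
    return hits, unreadable


def demo():
    """Scan a constructed directory tree against a constructed hash list."""
    sample = b"CONSTRUCTED SAMPLE standing in for a known malicious file\n"
    known_bad = {hashlib.sha256(sample).hexdigest(): "Constructed.Test.Sample"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_bytes(b"quarterly figures\n")
        # Byte-identical copy under another name: the hash still matches.
        (root / "docs" / "invoice.bin").write_bytes(sample)
        # Same content plus one extra byte: a different hash, so no match.
        (root / "variant.bin").write_bytes(sample + b"\x00")
        return scan_tree(root, known_bad)


if __name__ == "__main__":
    print(demo())
```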

Awareness creates a human firewall

Technical solutions alone are not enough to improve cybersecurity. The person in front of the screen must also be included in a comprehensive security strategy. It is not without reason that the BSI specifications for ISO 27001, based on basic IT protection, specify precise requirements for raising awareness and training personnel. The PCI-DSS international regulations for payment transactions also provide for awareness training for employees. Among the most pressing awareness topics are password security, the benefits of multi-factor login procedures such as 2FA, the benefits and use of data encryption, phishing and social engineering, and recognizing attacks and malware infections.

Check email attachments

In particular, the use of secure email helps protect against malware, because malware spreads primarily via spam email. For example, file attachments must always be scrutinized critically, even if they arrive in emails from known contacts. In the case of unexpected file attachments, such as executable Office documents, it is advisable to contact the sender by telephone to ensure that the attachment is legitimate. This will help prevent a malware infection from continuing to spread. Suspicious emails or files should always be forwarded to the responsible IT unit and the IT security officer. In case of doubt, additional investigations can be initiated to rule out any threats.

Software maintenance

“Never change a running system” is a thing of the past. The motto for anyone who now wants to work with stable endpoints capable of withstanding new types of attack vectors is patch, patch, and patch again! Companies should always keep the systems they operate up to date. This is the only way to ensure that no critical vulnerabilities are lurking in the operating system and application software. Those who neglect software maintenance, on the other hand, leave their systems vulnerable to viruses, worms, Trojans, and other threats.

Monitoring and network segmentation

The BSI also advises regular monitoring of log files to detect anomalies in the network at an early stage, as well as consistent network segmentation, which is of great importance in containing malware. Companies and users can find additional measures to protect companies and organizations against malware on the BSI “Alliance for Cyber Security” portal.