10 Reasons Today’s Malware Threats Require Defense in Depth

by Don Reisinger

Symantec itself acknowledged that when it comes to antivirus protection, there’s really no such thing as being “safe.” Indeed, the company argues that even with a fully updated antivirus solution, users can only safeguard themselves from approximately half the threats that exist. That’s bad news for consumers and companies.

One of the enterprise’s biggest threats is the general lack of understanding and knowledge of how to stay safe while using computers. Too often, people are duped into clicking on phishing links in emails or ignoring their instinct and going to sites that are teeming with malicious files. Until the corporate world can educate employees, there’s no simple way to keep itself safe from the myriad threats around the world.

Here’s a surprising (and worrisome) fact: Android is now the top destination for malware creators, beating out Windows. What’s worse, mobile malware applications do little to stop a large number of those threats, and users don’t even know they’re at risk. The mobile space is a perfect storm of security woes.

There’s no debating it: Security firms are far behind the hackers. Whether it’s Symantec, McAfee, Kaspersky or others, companies trying to keep people safe can’t keep up with the security threats out there. Those companies do a middling job of finding threats, but chances are, those issues have been in the wild far too long before they’ve been discovered. Simply put, security firms cannot be relied upon as the only line of defense against security issues.

The focus people place on security is all wrong. Too often, we hear stories of massive data breaches and focus on the security issues that caused them. What we don’t focus on, however, is how we’re using the Internet, what Web companies are doing to secure their servers or how we can automate security processes to dull the blow of major outbreaks. The big issues are important to know about, but it’s the supposed “little things,” like run-of-the-mill malware, that ultimately hurt the most people.

The number of ways companies and consumers can be affected by malware today is unprecedented. Long ago, the computer was the biggest threat for security issues. Now, users need to be worried about their smartphones, their tablets, ATM machines and credit card machines. They even need to worry about what they share with companies in the event their servers are hacked.

Despite all the best attempts to inform people of security issues, many people set out on the Web or use their mobile devices under the false pretense that they’re secure. If more people went online or used their Android handset expecting malware to run amok, they’d be more careful, visit only safe sites, think twice about clicking email links and download only reputable apps. Making assumptions about security is the worst mistake we can make.

Here’s a much broader question: How much information should we share with companies that will store that data on their servers? As soon as we share information with companies, it’s kept on servers and we put our faith in those firms in the hope that they’ve properly encrypted the data. If they haven’t, our personal lives are ruined. Servers—simple, Web-connected computers—stand between our relative privacy and the prospect of having our identities stolen.

Following that, there appears to be an issue with trust. People today believe that if they download some antivirus software, they’ll be safe. They also assume that if they go to reputable sites and share information, they’ll have nothing to worry about. Trust is the secret ingredient malicious hackers rely on to wreak havoc on unsuspecting victims. Those victims must remember that.

Let’s just admit it: The malicious hackers around the world are far better at the security game than security experts are. Malicious hackers are constantly working at finding inroads into computers and servers, and security experts don’t discover that until it’s too late. The time has come for the security community to admit it’s losing and try to learn what malicious hackers are actually doing to beat them. If they don’t change, they’ll never change the tide.