According to a new cybersecurity industry report, nearly 20 percent of enterprise computers are hosting some type of malware.
The study found that one of the main ways corporate PCs are being infected with malware is by allowing contractors and third parties to access enterprise networks — sometimes with administrative rights — and not restricting mobile devices.
Organizations in this situation were found to have higher than average rates of infection, Computing reported. The report also noted that there was no correlation between company size and infection rate, with large companies being no better protected than small- and medium-sized business. According to the study, company policies had more to do with the level of protection an enterprise received than size did.
Another major issue covered in the report was the recent increase in the use of ransomware. This type of malware encrypts hard drive files and forces victims to send payment in order to get a decryption key. According to eWEEK, the cybercriminals behind the CryptoLocker virus were reportedly able to collect millions of dollars. When they were finally brought down, the FBI estimated they had made close to $30 million.
With the dismantling of the criminal networks behind Gameover Zeus and CryptoLocker, dozens of smaller cybercriminal groups are filling the void. According to the report, a new virus known as Kovter as started to gain popularity. Between April and June 2014, Kovter infections grew 300 percent.
Basic Techniques Can Stop Spread of Malware
Another key point made in the study was that there is no one way to protect against malware. Certain techniques work better for some companies than others, but there are basic steps that can be taken to improve security.
“There is not a cookie-cutter solution — not everyone can do the exact same thing and be done,” said cybersecurity expert Brian Foster in an interview with eWEEK. “Some organizations will have to allow contractors to access critical data. But there are things you can do to minimize your vulnerability to malware.”
Foster suggested that enterprises disable email links and USB ports to prevent malicious code from compromising systems. Other techniques that businesses can benefit from are managing privileged users and controlling which devices have access to sensitive information and networks.
The use of two-factor authentication is a reliable way to ensure only authorized users are able to connect with privileged data and systems. Those trying to access certain applications are required to produce multiple forms of identification to keep malicious actors from compromising networks.