This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| 1 minute read

Malware Threats Using Google, Microsoft as Vectors

Mainstream reporting on data breaches and cybersecurity tends to focus on large-scale, high-profile attacks against global brands. Those, after all, are the ones every reader recognizes.  But following only the news about attacks on large companies can obscure the reality that small and medium businesses actually suffer proportionally more security threats, and are proportionally more affected by actual incidents. Case in point: headlines in the tech news are reporting on ransomware threats that hitchhike on Microsoft, Google, and other mainstream provider "updates." This is not a new threat, but it can be a devastating one.  

Malware and ransomware cost billions of dollars a year in lost data, lost time, PR efforts, legal exposure, and professional fees.  Most devastatingly for small and medium sized businesses, they can impair or threaten customer relationships by exposing customer data to theft or misuse.  

Why It Matters

If you are a business owner, take some time to keep up with tech headlines and make sure you are also keeping up with a cyber security plan that includes hardware and software updates along with personnel awareness training. Be especially mindful that you update regularly and that you can spot a fake update message -- and don't let just anyone install upgrades and patches to your network.

Understanding what is really out there -- not just the big news about big tech threats -- and making your people aware of it can forestall all manner of difficulties. By far, the majority of incidents I see among clients are phishing emails, ransomware, fraudulent "change of payment" email instructions, and similar schemes. They keep coming around for a reason: they are cheap to deploy, and they work. Unfortunately, they can also result in seven-figure problems for an affected company. An ounce of prevention is still cheaper than any cure.  

Security experts have long noted the need for organizations to have multi-layered defenses in place to defend against ransomware and other threats. This includes having controls for endpoint detection and response, user and entity behavior-monitoring capabilities, network segmentation to minimize damage and limit lateral movement, encryption, and strong identity and access control -- including multi-factor authentication.

Tags

data security and privacy, hill_mitzi, insights