June 3, 2014

Cyber Attack in headlines – Advisory on effective protection

Posted by

Cyber Attack!

This is nothing new really – it has been progressively getting worse for some time and the recent headlines are about something that has been proliferating for several months.

These attacks, CryptoLocker, Gameover Zeus, GOZeus and P2PZeus are designed to take your money. Viruses are now a thing of the past really.


A quick note to reassure our clients that we are a step ahead of the game.

The recent introduction of the web filtering agent that we rolled out across the board should stop these scams in their tracks. It stops the outbound collection of encryption keys and other payloads in its tracks, or the delivery of stolen information. The external locations cannot be found, and therefore cannot be reached. Simple but effective.

We have also been managing the patching/updating of all machines for some time now. These continuously fix security weaknesses. This was introduced across the board at no extra cost quite some time ago.

Plus the move to Webroot endpoint protection last year. This is very different to traditional AV.

Traditional Anti-virus – Effective?

Most people are still in the mindset that their Anti-virus will protect them. This is simply no longer the case. These products are purely reactive and are always out of date. It takes the companies time to analyse viruses, then test and release the signature files, and then more time for your machine to periodically download the update. This can be as much as 1-2 days. The horse has already bolted!

It is even rumoured that several of the main players in endpoint security are starting to realise that the game is over.

We are not suggesting that you do not use an endpoint security (anti-virus/anti-malware etc.) product, but that you use it as well as several other forms of protection.

Multi-layered Protection

We strongly reiterate that modern computing requires multiple layers of protection. There is more to this in our IT Security page, but these are the minimum essential components needed:

  1. Decent (not free) Anti-virus/anti-malware protection
  2. E-mail security software that scans inbound e-mail
  3. Regular patching of all machines
  4. Efficient spam filtering
  5. Corporate strength firewalling
  6. Web content filtering and security
  7. An effective company policy with regards to peripheral devices on corporate networks: USB sticks, Mobiles etc.
  8. User awareness and behaviour