How can businesses protect themselves from drive-by download attacks?
Although cybersecurity education isn't quite where it ought to be, most people do have a basic knowledge of security do's and don'ts. In particular, we know we should be wary (perhaps warier) of download links and email attachments. We don't always exercise this, but the knowledge is there.
However, if we really set our sights on practising our basic do's and don'ts, we could probably mitigate a significant percentage of attacks – but what about the percentage that remains?
What's annoying about cybersecurity is that you can only fight the threats you are aware of. In other words, you can't combat the unknown. Unfortunately, while education encourages us not to be too click-happy, some threats don't need one in the first place.
Dealing with drive-by downloads
One example of a threat that doesn't wholly rely on human error is drive-by downloads. Instead, it relies on innocent users being in the wrong web space at the wrong time.
Drive-by downloads target users by compromising legitimate websites and embedding them with malicious content. Once they infect the website, they can redirect users to a malicious site or infect them with a malicious pop-up. Infection occurs almost instantaneously and enables the attacker to install malware onto the user's device.
Hackers can use 'exploit kits' to successfully distribute malicious code to these otherwise innocent websites. These kits work by identifying vulnerabilities across software to take advantage of. In turn, malicious actors can steal sensitive information, such as identity or financial data.
Sadly, even the most established of sites and organisations aren't perfect and can be susceptible to a hack. However, while you can't advise staff to simply not surf the internet, there are some ways to mitigate the risk.
In the enterprise realm
Organisations firstly need to ensure that they are operating with the most up-to-date browsers. While they're at it, they also ought to consider the status of their web-based applications, such as Java.
Perhaps rather obviously, companies should also ensure they have top-notch antivirus and malware detection programs on all PCs. As well as this, businesses should consider deploying ad blockers across all machines to at least stifle that aspect of drive-by attacks.
What some organisations may not have considered yet (and should) is splitting up the company's computer network. For reasons beyond just drive-by's, compartmentalising the overall network ensures that if one goes down, not all of them follow suit.
Finally, today's digital revolution has given organisations many a tool at their disposal. However, it's important to ensure you only have the necessary tools and apps for your business. The larger your portfolio of programs, the higher your risk is for attack.
Shrinking your attack surface area will at least mean you're not spinning too many plates to protect. Thus, organisations must differentiate their must-haves from nice-to-haves and keep apps at a bare minimum.
Don't miss our Big Data LDN Tech Chat episode!