High-profile malware attacks keep putting threat prevention best practices at the top of everyone’s technology list. Just last month there were two major attacks, Google Docs Phishing and WannaCry Ransomware, that spread quickly through exploiting both human and technology vulnerabilities. With each new attack, the importance of layered security continues to be reinforced by both vendor partners and security experts.
Among the most critical security layers are patching, email filter, firewall, anti-virus, secure internet gateway, and security awareness training. While some attacks, like WannaCry, will be prevented by any one of these layers, other attacks, like Google Docs Phishing, will rely on a single layer to stop them.
Each layer serves its own purpose; however, they all complement, build upon, and sometimes rely on the capabilities of other layers. Patching closes holes to prevent malware from exploiting the vulnerabilities they were designed to attack. Email filters help block infections by stopping infected emails (a favorite distribution channel) from getting into inboxes. Firewalls monitor all traffic coming and going from your network and prevent unwanted traffic from entering a secure network. Anti-virus is used to both prevent and remove malicious software from a network. Secure internet gateways add a layer of threat protection for users when they are on or off the company network or working within cloud applications. Security awareness training is becoming the most important layer; as human error becomes easier to exploit than technology, training users on what to look for will only become more critical.
Now, what about those attacks from last month? For WannaCry, Mytech was assured by our internal technicians and vendor partners that any one of the technology layers we have in place would have prevented the attack from executing, and if for some reason the attack made it through one of the layers, there would have been several more to back it up. Google Docs Phishing was only preventable by security awareness and recognition of a potential threat by the person receiving the email.
Do you have all the necessary security layers in place? Contact us, and we'll work with you to ensure your network is ready to take on all threats.