Malware is a serious threat to small and medium-sized businesses (SMBs) as it can cause damage to a computer system by deleting files, stealing sensitive information, or even encrypting data and demanding a ransom for its release.
In this article, we will discuss what malware is, the protection methods that can be used, what should be included in an Information Security Management System (ISMS) standard operating procedure (SOP), the pros and cons of such a procedure, and examples of how a small business can be protected from malware.
What is Malware?
Malware, short for malicious software, is any software designed to cause harm to a computer system, network, or device.
This can include viruses, worms, trojans, ransomware, and other types of malicious code.
These types of malware can cause damage to a computer system by deleting files, stealing sensitive information, or even encrypting data and demanding a ransom for its release.
Why are Small / Medium businesses (SMBs) more vulnerable to malware?
Small and medium-sized businesses (SMBs) are particularly vulnerable to malware attacks due to their limited resources and often less robust security measures.
How to protect your Small / Medium Business against malware?
However, there are steps that SMBs can take to protect themselves from malware.
One of the most effective ways to protect against malware is to implement an Information Security Management System (ISMS) standard operating procedure (SOP).
An ISMS is a systematic approach to managing sensitive company information so that it remains secure.
It includes a set of policies, procedures, and guidelines that organizations use to manage and protect sensitive data.
You can find here a quick comparison of the major Information Security Management System frameworks with pros, cons and use case examples.
An SOP is a detailed step-by-step guide to performing a specific task or process.
What should be included in a “Protection from Malware” Standard Operating Procedure (SOP)
A “Protection from malware” ISMS SOP should include the following key elements:
- Employee education and training on security best practices and how to identify and report suspicious activity
- Regularly scheduled system and network vulnerability assessments and penetration testing
- Implementation of firewalls, intrusion detection and prevention systems, and other security technologies
- Regular updates to anti-virus and anti-malware software
- Data backup and disaster recovery procedures
- Incident response and reporting procedures
- Regular reviews of the ISMS SOP to ensure it remains effective and up-to-date
Implementing an ISMS SOP can help SMBs protect against malware by providing a framework for identifying and mitigating potential security risks. It also ensures that all employees are aware of the importance of security and are trained to recognize and report suspicious activity.
However, implementing an ISMS SOP does have its downsides.
For example, it can be costly to implement and maintain. Additionally, it can be difficult to ensure that all employees are following the procedures correctly.
Notable Examples of Ransomware Attacks
The WannaCry Ransomware Attacks
One example of a ransomware attack is the WannaCry attack that occurred in May 2017.
The attack affected more than 230,000 computers in over 150 countries, including hospitals, government agencies, and large corporations.
The attack exploited a vulnerability in older versions of the Windows operating system and spread rapidly through networks using a worm-like mechanism.
Once a computer was infected, the ransomware encrypted the victim’s files and demanded a payment of $300 in Bitcoin to restore access to the files.
Many victims were unable to restore their files, even after paying the ransom, and the attack caused significant disruption and financial losses. The attack was notable for its widespread impact and the use of a worm-like mechanism, which allowed it to spread quickly and effectively.
The Ryuk Ransomware Attacks
Another example of a ransomware attack is the Ryuk attack that occurred in 2019.
This attack targeted large organizations, particularly in the healthcare, finance, and government sectors.
The attackers used a phishing email to infiltrate the victim’s network and then used remote access tools to move laterally through the network and infect other systems.
They then deployed the Ryuk ransomware to encrypt files and demand a ransom payment.
The attack was notable for the high ransom demands, which in some cases reached into the millions of dollars, and for the attackers’ use of a targeted approach, focusing on larger organizations with deeper pockets.
Well-known victims of this attack included the New York Times and the Tribune Publishing Company, which suffered significant disruption and financial losses.
5 things to do now to protect your Small / Medium Business from Malware
- Educate your employees. Train them on security best practices using software such as KnowBe4, Webroot, or ESET.
- Schedule regular system and network vulnerability assessments, security audits, and penetration testing using software such as Nessus, Qualys, or OpenVAS.
- Implement firewalls such as Cisco ASA, Fortinet FortiGate, or Check Point.
- Regularly update anti-virus and anti-malware software such as McAfee, Norton, or Trend Micro.
- Develop and implement data backup and disaster recovery procedures using software such as Acronis, Carbonite, or Veeam.
Information Security Management System control mappings covered by the Malware Controls Standard Operating Procedure:
ISO/IEC 27001:
- A.12.2 Protection from Malware
- A.12.2.1 Controls against malware
AICPA TSC 2017:
- CC6.8 “The entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity’s objectives.”
NIST SP 800-53, Revision 5:
- AT-2 Literacy Training and Awareness
- SI-3 Malicious Code Protection