Why your anti-virus software isn’t enough against cyber security threats
In 2016, John McAfee—founder of McAfee Anti-Virus—made waves by declaring anti-virus software to be obsolete technology.
McAfee is often considered to be a conspiracy theorist, and he has not been involved with his former company for years. But his impact on the industry makes his words worth considering.
His dissatisfaction, it seems, stems from the belief that new malware is produced too quickly for anti-virus software to track, and that the dominance of social engineering-based methods of cyber-attack has made anti-virus software ill-suited for the internet’s current security challenges.
This understanding of the cyber security environment is broadly accurate. The amount of malware on the internet is increasing rapidly, and global data compiled by the FBI confirms that social engineering is now the primary method through which cyberattacks are conducted.
The damage caused by social engineering attacks is staggering.
Fraudulent attempts to gain Australians’ personal information accounted for AUD $13m in personal damages between January and October 2019, whereas malware damages totalled less than $140k over the same period.
Business email compromise (BEC) attacks, which involve impersonating key figures through email, caused over USD $26 billion in global damage between 2016 and 2018.
These figures show that there is a clear need to mitigate social engineering attacks, and anti-virus services cannot by themselves provide adequate protection.
Modern cyber security requires holistic solutions
Anti-virus solutions may not be effective as a primary means of defence; however, modern approaches to cyber security are holistic and rely on using multiple solutions in concert to provide end-to-end protection against attack.
Malware protection remains a valuable part of these holistic efforts. Although social engineering methods have become cyber-criminals’ dominant mode of attack, these methods are often used to create vulnerabilities for inserting malware. For instance, the use of phishing-based attacks to infect systems with ransomware is amongst the most damaging types of attack used today.
Malware botnets also pose a significant threat and are becoming more dangerous as they infect the ever-increasing number of devices being connected to the internet. The Necurs botnet has allowed multiple criminal gangs to run sophisticated financial manipulation campaigns and was responsible for nearly every major malware campaign in 2018. In this context, anti-virus services offer a line of defence against social engineering campaigns that also utilise malware.
The malware arms race is going strong
As McAfee pointed out, the amount of malware in existence is increasing steadily, with over 75m new detections in 2019 alone. Although internet browsers, apps, operating systems, and other services now include more built-in anti-malware functions than ever, malware-based attacks clearly remain profitable for cyber criminals.
The anti-malware functions provided by operating systems and other services offer powerful protection; however, that protection lapses if these systems are not kept updated. Security flaws, such as out-of-date computers or misconfigured cloud services, are common issues that anti-virus services can protect against. In 2016, the WannaCry ransomware virus wreaked global havoc by infecting out-of-date Windows computers; however, systems with anti-virus software that could automatically update to protect against WannaCry were spared.
The importance of innovating in the anti-malware space is well-recognised in the startup community. In Q1 2019, an AI-enabled anti-virus service called Blue Hexagon raised more venture capital than any other early-stage cybersecurity startup. SentinelOne, a later-stage startup that provides anti-virus as part of an endpoint protection service, has raised over USD $230m. These investments demonstrate the continued importance of anti-virus solutions.
Anti-virus software aids recovery
The cyber security environment is getting worse: nearly two-thirds of the experts attending the 2019 Black Hat cyber security conference believed their organisation would be successfully breached in the next twelve months. For today’s businesses, a successful cyberattack is a matter of when, not if.
The fact that successful attacks have become increasingly inevitable is part of why many experts believe business recovery plans are the most crucial aspect of cyber security. The use of anti-virus software facilitates these plans by allowing businesses to efficiently inspect their systems for any malware after an attack, and therefore to prevent future losses associated with any vulnerabilities that malware exploited. This is extremely important for small and medium-sized businesses, which usually collapse less than six months after an attack.
Because modern anti-virus services are internet-connected, widespread use of an anti-virus can provide a form of herd immunity, in which the information gained from initial infections provides the data needed to prevent further infections. This function is becoming more prominent as machine learning tools provide anti-virus programs with the ability to autonomously learn how to defend against new threats. As new malware is produced at ever-faster rates, the ability to use anti-virus services to build herd immunity and identify new threats fast is increasingly vital.
A fast-evolving, in-demand career
The most challenging issue facing the cyber security industry isn’t a technological one; it’s the industry’s massive labour shortage. According to one survey, over 80% of security departments found it more difficult to find talent in 2019 than in 2018, and 47% are understaffed as a result.
The recruitment problem is so severe that it has been described as a crisis. AustCyber estimates that a lack of qualified professionals costs the nation’s economy $400m per year and that at least 2,300 cyber security positions went unfilled in 2018. While a growing number of universities and colleges have started to offer training in cybersecurity, most of these programs are relatively new and have yet to fully mature.
Edith Cowan University offers one of the longest-standing cyber security programs in the country, including the only degree programs offered by a university that has been recognised by the Federal Government as an Academic Centre of Cyber Security Excellence. ECU’s online Master of Cyber Security program is taught by leading experts with real-world experience in government, law enforcement, and industry, and can be completed in as little as two years on a schedule that provides students with the flexibility necessary to continue working full-time.
ECU students receive comprehensive instruction in both the technical skills and best practices that comprise the holistic skill set that today’s cyber security professionals need to succeed.
If you want to learn more about how ECU’s Master of Cyber Security can prepare you to enter an in-demand profession that is vital to Australia’s economic security, get in touch with our enrolment team on 1300 707 760.