Guest Column | May 22, 2015

5-Second Rule: Why Prioritizing Web Protection Shouldn't Take A Moment Longer

By Ian Trump, Security Lead, MAXfocus

Malware is more menacing than ever. While antivirus and patch management are known needs, an equally critical third component for defending your IT clients is required. As MAXfocus Security Lead Ian Trump explains, it’s time to incorporate a security, monitoring and filtering solution.

In March 2014, Internet news media outlet BuzzFeed published an article entitled “50 Shocking Facts That Happen Every Five Seconds.” The statistics, grouped into seven categories, included an array of factoids perfect for cocktail party fodder. 

Here’s a sample. Every five seconds:

  • 35,000 Coca-Cola products are consumed
  • 1,250 iTunes tracks are downloaded from the iTunes store
  • 80 million tons of water evaporate from the Earth’s surface

The average person also blinks every five seconds, the article notes. But you may find yourself staring wide-eyed at your screen while processing this piece of information: Five malware events occur every second. It says so in Verizon’s recently released 2015 Data Breach Investigations Report (DBIR).

“Our analyses of the data,” the DBIR explains, “showed that half the organizations experienced 35 or fewer days of caught malware events during an entire calendar year.”

What more convincing do you need before adding to your layered defense strategy? Managed antivirus and patch management are known needs. But there’s another component that is equally critical: cloud-based Web protection.

The reason is simple. A solution that provides Web monitoring, Web security and URL filtering enables managed service providers (MSPs) to increase the odds of thwarting malicious threats on behalf of their customers.

Take this finding into account: According to Verizon’s report, 37.4 percent of malware installation is triggered by bad email links. As an attack vector, it ranks second only to email attachments (39.9 percent).

Why is that important? Consider this scenario for a customer without Web protection: A seemingly innocent email containing a link lands in the employee’s inbox. Nothing about the message appears suspect, so the employee opens the link, which launches a Web browser.

The website where the employee quickly lands is laced with malware. The infection instantly spreads. Your customer has quite possibly invited malware to “scrape” memory in search of confidential data.

“Back in 2010, malware was all about the keylogger, and we saw very few examples of phishing or RAM-scraping malware being used,” the DBIR says. “Fast forward to today, and RAM scraping has grown up in a big way. This type of malware was present in some of the most high-profile retail data breaches of the year, and several new families of RAM scrapers aimed at point-of-sale (POS) systems were discovered in 2014.”

Equally alarming is the amount of malware samples that are subtly tweaked to appear new, but cause the same problems. Nearly three-quarters (70 percent) of the samples fall into this category — and that’s the low end of the estimate.

Of course, web protection isn’t purely designed to take preventative action. It’s much lesser-known strength is handling “forensic” analysis of how a business is inadvertently placed in harm’s way by its workers. You can determine risky behavior based on the types of websites your customers visit, and use those findings to lobby for a security awareness training program. Education is essential.

A year ago, 17 million emails were sent every five seconds. Knowing now how malware frequently strikes, web protection needs to rank high on your list of priorities.

That shouldn’t take any time to figure out.