Abstract
Networks are exposed to cyber-attacks, and as information technology advances an attack can arrive at any time; security policies, security frameworks and tools are developed and deployed within a network to withstand them. Compared with the network infrastructure of a multinational corporation, an SME's network commonly lacks security controls. SMEs rarely have a large cybersecurity budget and cannot afford high-end network security frameworks, which leaves them more vulnerable and at greater risk from malicious parties. At the same time, attackers are becoming more skilled at using advanced technologies, such as artificial intelligence, to launch attacks, and regulations such as the GDPR have placed pressure on organisations to deploy strict measures so that personal data is properly protected. This publication identifies common cyber-attacks on SMEs, reviews the measures commonly used to mitigate them, and recommends further measures that can enhance the security posture of these enterprises.
1 Introduction
A vulnerability is a weakness in a system that an attacker has the potential to exploit; a threat is the actor or event that may exploit it, and the combination of the two is the risk to the organisation. A realised risk can lead to a cyber-attack that causes severe damage: beyond the direct loss, clients and users lose confidence in a company that has been breached and has shown a weakness in the protection of its data. Harshitha and Ramesh (2013) note that cyber-attacks have become a curse on technology, since malicious users are able to illegally access and destroy critical system resources while denying authorised users access to the system.
At the same time, small and medium enterprises (SMEs) are in the firing line for data breaches. Rose (2018) reports that 61 per cent of SMEs were hit by cyber-attacks in one year. Attackers often see SMEs as soft targets, since they lack cybersecurity expertise and awareness as well as the time and money to research, design and deploy reliable security tools. McGoogan (2017) further reports that the average cost of an attack is over £1,500, excluding indirect costs such as reputational damage, the cost of notifying customers and penalties for violating regulations such as the GDPR. Unfortunately, most SMEs deploy only antivirus software. This paper argues that such a measure can play only a partial role in an overall protection strategy, and that other measures should be considered for a holistic security approach in small and medium enterprises.
2 Common Cyberattacks in SMEs
2.1 Malware
Malware is one of the most challenging threats to an organisation. Malware is malicious code that affects a device in a harmful way. Endpoint security mechanisms such as antivirus software, firewalls and intrusion prevention systems analyse the signature or behaviour of an executable to decide whether it is legitimate, and that decision is commonly based on predefined patterns and signatures of previously identified malware. Attackers can bypass these controls by producing malware with a unique pattern or signature that the controls have never seen, so it runs without the user being alerted. Common malware actions include keylogging, sending confidential information out of the network, performing actions on the machine and monitoring user activity such as browsing.
2.2 Phishing
Cybercriminals use phishing to trick a user into revealing information or installing malware; it is generally the first step of a larger attack and is also used as part of social engineering attacks such as credential theft. A phishing attack is constructed so that the victim trusts the source: an email that appears to come from a known person, a bank, a business partner or a co-worker. Downloading an attachment or clicking a link can install malware on the computer or redirect the user to a cloned site that steals credentials. Statistics from the Federation of Small Businesses show that 49% of SMEs were victims of phishing attacks between 2014 and 2015 (Smith, 2016).
2.3 Sniffing
Sniffing, or eavesdropping, is an attack in which the attacker captures or listens in on a communication stream passing through a network. It is a critical security issue for SMEs, most of which use wired or wireless routers for internet connectivity. When communication is not encrypted, an attacker who can capture the traffic on its path, with a tool such as Wireshark, can read the transmitted data directly. Users who access devices remotely and send their credentials over such unencrypted connections are at risk of having those credentials sniffed.
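To make concrete what "reading the data by merely sniffing" means, the following is an added example (not code from the original paper): it takes the application-layer payload of a few constructed, unencrypted streams, of the kind Wireshark's "Follow TCP stream" view shows, and pulls the credentials straight out of them. The HTTP Basic header, the login form and the FTP session are constructed sample data; the last entry is a fragment of a TLS ClientHello, included to show that an encrypted stream yields nothing to the same parser.

```python
import base64
from urllib.parse import parse_qs

# Constructed application-layer payloads as a sniffer would see them in
# unencrypted traffic. Hosts, users and passwords are invented for the example.
CAPTURED_STREAMS = {
    "http-basic": (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                   b"Authorization: Basic YWRtaW46UEBzc3cwcmQ=\r\n\r\n"),
    "http-form":  (b"POST /login HTTP/1.1\r\nHost: portal.example\r\n"
                   b"Content-Type: application/x-www-form-urlencoded\r\n"
                   b"Content-Length: 34\r\n\r\n"
                   b"username=alice&password=Winter2018"),
    "ftp":        (b"220 ftp ready\r\nUSER backup\r\n331 Password required\r\n"
                   b"PASS backup123\r\n230 Logged in\r\n"),
    # First bytes of a TLS ClientHello record: the handshake and everything after
    # it are opaque to a passive sniffer.
    "tls":        bytes.fromhex("16030100a5010000a1030352f1b2"),
}


def extract_credentials(stream: bytes):
    """Return (username, password) pairs recoverable from one cleartext stream.

    Handles HTTP Basic authentication (base64, not encryption), HTML form
    logins sent as application/x-www-form-urlencoded, and FTP USER/PASS.
    An encrypted stream produces no readable lines and returns [].
    """
    found = []
    head, _, body = stream.partition(b"\r\n\r\n")
    ftp_user = None
    for line in head.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            decoded = base64.b64decode(line.split(b" ", 2)[2]).decode("latin-1")
            user, _, password = decoded.partition(":")
            found.append((user, password))
        elif line.startswith(b"USER "):
            ftp_user = line[5:].decode("latin-1")
        elif line.startswith(b"PASS ") and ftp_user is not None:
            found.append((ftp_user, line[5:].decode("latin-1")))
            ftp_user = None
    if b"content-type: application/x-www-form-urlencoded" in head.lower():
        form = parse_qs(body.decode("latin-1"))
        if "username" in form and "password" in form:
            found.append((form["username"][0], form["password"][0]))
    return found


def sniff_all(streams=CAPTURED_STREAMS):
    """Run the extractor over every captured stream: {name: [(user, password), ...]}."""
    return {name: extract_credentials(data) for name, data in streams.items()}


if __name__ == "__main__":
    for name, creds in sniff_all().items():
        print(f"{name:10s} -> {creds or 'nothing readable'}")
```

The point for an SME is the asymmetry: the three cleartext protocols hand over working credentials with a few lines of parsing, while the TLS stream gives the same code nothing, which is why remote management and logins should only be offered over encrypted protocols (SSH, HTTPS, SFTP) rather than Telnet, HTTP or FTP.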
2.4 Password guessing attacks
Networks are typically configured with remote management enabled on network devices; this gives easy access to the devices for upgrades and troubleshooting and improves availability, because nobody needs to be physically at the location. Although this makes the network less time-consuming and easier to manage, it exposes the management interfaces to password attacks, of which the most common is the brute-force attack. The attack is carried out by attempting to log on to a device or system many times, with each attempt taking its credentials from a pre-built dictionary (wordlist) of likely usernames and passwords. Attackers can carry out brute-force attacks against these devices with tools such as Hydra. Gaining access to a switch, router or server allows the attacker to modify configuration files and routing tables and to delete critical data.
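A brute-force attempt of the kind described above is noisy, and the authentication log is where it shows up. The following is an added example (not part of the original paper, and not tied to any particular product): it parses a few constructed OpenSSH-style auth log lines and flags any source address that produced a burst of failed logins within a short window, noting whether a successful login followed the burst, which is the case a defender most needs to act on. The log lines, hostnames and addresses are invented for the example; the year is supplied by the caller because syslog timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed lines in the style of an OpenSSH auth log (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Nov 23 10:00:01 gw sshd[4101]: Failed password for admin from 203.0.113.7 port 51022 ssh2
Nov 23 10:00:02 gw sshd[4103]: Failed password for admin from 203.0.113.7 port 51023 ssh2
Nov 23 10:00:02 gw sshd[4105]: Failed password for root from 203.0.113.7 port 51024 ssh2
Nov 23 10:00:03 gw sshd[4107]: Failed password for invalid user test from 203.0.113.7 port 51025 ssh2
Nov 23 10:00:04 gw sshd[4109]: Failed password for admin from 203.0.113.7 port 51026 ssh2
Nov 23 10:00:05 gw sshd[4111]: Failed password for admin from 203.0.113.7 port 51027 ssh2
Nov 23 10:00:09 gw sshd[4113]: Accepted password for admin from 203.0.113.7 port 51028 ssh2
Nov 23 10:03:00 gw sshd[4120]: Failed password for alice from 192.0.2.10 port 40001 ssh2
Nov 23 10:07:30 gw sshd[4122]: Accepted publickey for alice from 192.0.2.10 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_log(text, year=2018):
    """Return (timestamp, result, username, source_ip) tuples for lines that match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with at least `threshold` failed logins inside any `window`.

    Returns {ip: {"failures": peak count within one window,
                  "usernames": usernames tried,
                  "success_after": True if a login from that source succeeded
                                   after its last failure (guessing worked)}}.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[3]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        failures = [(ts, user) for ts, result, user, _ in evs if result == "Failed"]
        # Sliding window over failure timestamps: peak number of failures in any window.
        peak, start = 0, 0
        for end in range(len(failures)):
            while failures[end][0] - failures[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            last_fail = failures[-1][0]
            findings[ip] = {
                "failures": peak,
                "usernames": sorted({user for _, user in failures}),
                "success_after": any(r == "Accepted" and ts >= last_fail
                                     for ts, r, _, _ in evs),
            }
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_auth_log(SAMPLE_LOG)).items():
        print(ip, info)
```

The detection is the same logic a host-based tool such as fail2ban applies before it adds a firewall rule against the offending address; the threshold and window are tuning choices, and a single mistyped password from a legitimate user (the second source in the sample) stays below them.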
2.5 DoS and DDoS
Denial of service (DoS) and distributed denial of service (DDoS) attacks abuse the operational behaviour of network protocols, most commonly TCP and ICMP. A TCP SYN flood (half-open connection attack) abuses the TCP three-way handshake: the client sends a SYN, the server answers with a SYN-ACK and allocates state for the new connection, and the client completes it with an ACK. Attackers send vast numbers of SYN packets to the target, from many systems or with spoofed source addresses, and never send the final ACK, so the target accumulates uncompleted half-open connections until its connection backlog is exhausted and legitimate clients can no longer connect. ICMP floods work in a similar way: the attacker directs a large volume of ICMP echo traffic at the victim, which must process all of it, consuming bandwidth, CPU and memory until the system runs out of resources or is shut down. In most cases a DDoS attack causes zero or minimal data loss. Nevertheless, it interferes with normal access to systems and resources by end users, since attackers flood company networks and servers with millions of requests to either degrade performance or shut a system down altogether (Rose, 2018).
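The half-open mechanism is easier to see by replaying a packet trace against a model of the server's connection table. The following is an added example (not from the original paper): a constructed trace contains three legitimate clients that complete the handshake and one source that sends 200 SYNs and never acknowledges the SYN-ACK. The code tracks per-connection state the way the server does and reports which sources hold enough half-open entries to exhaust a backlog; addresses, ports and the backlog size are chosen for the example.

```python
from collections import defaultdict

SERVER = "198.51.100.5"   # documentation address, chosen for the example


def build_trace():
    """Constructed packet trace: (src_ip, dst_ip, src_port, dst_port, flags).
    Flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK."""
    trace = []
    for port in (40000, 40001, 40002):          # legitimate clients: full three-way handshake
        trace += [("192.0.2.10", SERVER, port, 80, "S"),
                  (SERVER, "192.0.2.10", 80, port, "SA"),
                  ("192.0.2.10", SERVER, port, 80, "A")]
    for port in range(50000, 50200):           # flood: 200 SYNs, the final ACK never arrives
        trace.append(("203.0.113.9", SERVER, port, 80, "S"))
        trace.append((SERVER, "203.0.113.9", 80, port, "SA"))
    return trace


TRACE = build_trace()


def half_open_per_source(trace, server_ip):
    """Replay the trace as the server's connection table sees it and return
    {client_ip: number of connections still half-open (SYN_RCVD) at the end}."""
    state = {}   # (client_ip, client_port) -> "SYN_RCVD" | "ESTABLISHED"
    for src, dst, sport, dport, flags in trace:
        if dst != server_ip:
            continue                      # the server's own SYN/ACKs do not change its table
        key = (src, sport)
        if flags == "S":
            state[key] = "SYN_RCVD"       # state allocated on the SYN, before the client proves itself
        elif flags == "A" and state.get(key) == "SYN_RCVD":
            state[key] = "ESTABLISHED"    # handshake completed, entry leaves the backlog
    counts = defaultdict(int)
    for (ip, _), s in state.items():
        if s == "SYN_RCVD":
            counts[ip] += 1
    return dict(counts)


def flood_sources(trace, server_ip, backlog=128):
    """Sources whose half-open connections alone fill a listen backlog of `backlog` entries."""
    return sorted(ip for ip, n in half_open_per_source(trace, server_ip).items() if n >= backlog)


if __name__ == "__main__":
    print(half_open_per_source(TRACE, SERVER))
    print("flooding:", flood_sources(TRACE, SERVER))
```

The asymmetry that makes the attack cheap is visible in the model: the attacker spends one packet per entry and keeps nothing, while the server keeps state for every SYN until it times out. Mitigations such as SYN cookies work by deferring that state allocation until the ACK arrives.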
2.6 Ransomware
In a ransomware attack, a malicious actor infects the target systems and holds critical information to ransom (Rose, 2018). The attacker demands a sum of money, mostly paid in bitcoin (Paquet-Clouston, Haslhofer, & Dupont, 2018). Ransomware hit the headlines in 2017 with the WannaCry attack, which infected more than 200,000 computers in 150 countries and regions; according to Rose (2018), the attack almost brought the NHS to a standstill. Ransomware gains access to a system through phishing emails containing malicious URLs or attachments, or sneaks into networks through other loopholes in software. In other cases, employees downloading and installing applications from unknown sources can lead to a ransomware infection.
2.7 Social Engineering
An SME can have an antivirus program and a sophisticated firewall in place, but such security tools will not prevent attacks launched through one of the weakest links in a security programme, the people (Rose, 2018). It is important to note that technology is only one part of cybersecurity; many attacks succeed through social engineering, in which employees are manipulated by malicious actors looking for a way into a system. In this attack the attacker collects information that can be combined with other details to launch further attacks. Smith (2016) quotes statistics from the Federation of Small Businesses showing that social engineering, such as baiting, cost the small business community more than £5 billion in one year. Baiting is a social engineering attack in which a malicious actor leaves malware-infected hardware, such as a USB disk, where an unsuspecting target is likely to find it, plug it into a device connected to the company network and so spread the malware across the whole system (Airehrour, Nair, & Madanian, 2018). The same findings reveal that 66% of SMEs have fallen victim to social engineering attacks in the last two years.
3 Prevention Techniques Currently Used, and their Weaknesses
3.1 Antivirus
Antivirus software provides endpoint security for a computer node in the network, mainly by protecting the data held on its storage devices. It is designed to identify malicious byte patterns, known as signatures. Antivirus vendors maintain libraries of millions of signatures, and services such as VirusTotal aggregate the verdicts of many engines to identify malicious files. When a file is identified as malicious, it is blocked from running and from accessing system files.
However, according to Korolov (2018), the traditional signature-based antivirus program, widely used in SMEs because of its cost and ease of deployment, is poor at detecting and mitigating newly discovered threats, commonly referred to as zero-day exploits, as well as some ransomware. Attackers are now more skilled and are able to use innovative technologies such as machine learning to generate multiple versions of the same malware to avoid detection by signature-based tools. In addition, the recent fileless attacks cannot easily be detected by legacy antivirus programs (Korolov, 2017).
In effect, SMEs should consider complementing the familiar traditional antivirus program with newer, reliable security technologies. It is important to note that the antivirus tool is not replaced; it remains part of a multi-layered protection strategy, since it still mitigates thousands of common malware attacks and leaves the advanced security measures with a smaller, more focused workload (Korolov, 2018).
4 Strict GDPR Regulation and the SME's Cybersecurity Strategy
When reviewing and modelling an SME's cybersecurity strategy, it is vital to understand the regulatory and compliance aspect. In particular, small and medium businesses should understand the General Data Protection Regulation (GDPR) and its implications. Josh Eichorn, CTO of Pagely, notes that the regulation gives European citizens more control over the security of their personally identifiable information (Eichorn, 2018). SMEs with websites, which in reality is almost all businesses, will be required to meet stringent compliance mandates to protect user data, and such requirements clearly affect the cybersecurity strategy. Before collecting personal information, SMEs must obtain consent from its owners and clarify how they intend to use it. Since the regulation requires increased data privacy and security, businesses have to tighten their cybersecurity strategy, which means integrating reliable practices beyond the legacy antivirus program.
Antivirus programs are important in preventing malware infections, but in a hyper-connected world the tool alone is inadequate. A multi-layered cybersecurity strategy that combines antivirus, firewalls, IDS/IPS, encryption and cybersecurity awareness training is therefore vital for keeping personal data private and avoiding GDPR violations. SMEs should also assess security risks and report incidents when they occur.
5 Additional Possible Solutions to Enhance Security and Meet Compliance
The sections above have presented a few of the crucial threats and attacks highlighted in the last few years and reviewed the security measure most commonly deployed by SMEs. The problem identified is that the antivirus tool widely deployed by businesses is not entirely effective in protecting systems from some forms of attack. Therefore additional measures are required to enhance the security posture of an SME. The sections below focus on prevention approaches that can be configured and implemented to reduce the risk of these attacks.
5.1 Firewalls
A firewall is a network security device or software that monitors incoming and outgoing network traffic and decides, based on a defined set of security rules, whether each packet should be allowed to pass or be blocked. Firewalls are the first line of defence in network security, and SMEs can deploy one as a barrier between the secured, controlled internal network and untrusted, uncontrolled external networks, particularly the Internet. A firewall can be implemented in hardware or software.
SMEs can deploy different firewalls such as:
- Proxy firewall: serves as a gateway between the external and the internal network, terminating connections itself so that there is no direct connection between the secured network and the uncontrolled one.
- Stateful inspection firewall: tracks the state of each connection and filters traffic based on state, protocol, port and addresses according to defined rules.
- Application layer firewall: inspects the traffic of a specific application or service, such as HTTP, and blocks malicious data exchanged between hosts.
Stateless and stateful firewalls focus on securing systems at the network and transport layers. Attacks at the application layer have increased relative to network-layer attacks because stateful and stateless firewall implementations have become more robust than the protection available at the application layer. Firewall policies grow in complexity with modern network implementations. On Linux, for example, iptables operates on three major components: rules, chains and tables; on Windows, a user can configure firewall rules per application and service.
- Rule: defines which packets are matched (by address, protocol, port and so on) and what action, called the target, is taken on matching incoming or outgoing traffic.
- Chain: an ordered list of rules; a packet is checked against the rules of a chain in turn, and the first match decides its fate. The built-in chains of the filter table are INPUT, OUTPUT and FORWARD.
- Table: a group of chains with a common purpose. The commonly used built-in tables are filter, nat and mangle.
Of the three tables the most important is the filter table, which is also the default table for any rule that does not name one. For inbound and outbound traffic, the filter table applies the chains below; a packet that matches no rule in a chain receives the chain's default policy:
- INPUT chain: incoming packets addressed to the host itself pass through the INPUT chain.
- OUTPUT chain: outgoing packets generated by the host pass through the OUTPUT chain.
- FORWARD chain: packets routed through the host towards another destination pass through the FORWARD chain.
5.2 Intrusion Detection/Prevention Systems
Intrusion detection is the process of monitoring events in an SME network and analysing them to discover anomalies such as incidents, potential threats or policy violations. Intrusion prevention is the succeeding activity, in which discovered anomalies are acted upon to mitigate attacks. Cutting-edge intrusion detection and prevention systems are available for deployment in businesses, and they matter because, as noted above, the present-day attacker is skilled and deploys sophisticated tools that thwart legacy signature-based antivirus programs.
Figure 2: Intrusion detection and prevention solution (Juniper)
An intrusion detection and prevention system (IDS/IPS) monitors a network to identify and mitigate possible incidents. Its alerts, together with logs from other sources, are typically fed into a security information and event management system (SIEM), which logs, analyses, correlates and reports anomalous activity. The underlying principle of a SIEM is that critical data about the SME is produced in many locations and is brought together into a single view so that trends and anomalies can be detected (Cotenescu, 2016). In other words, the tool centralises and consolidates an organisation's security data so that discovered threats can be responded to accurately and the organisation's risk and compliance posture improved.
A signature-based IDS/IPS compares observed events against a database of known attack signatures to detect possible incidents. An anomaly-based solution compares a definition of normal system operation and activity with actual real-time events to determine whether there are significant deviations. This approach can detect unknown threats that have no signature yet, at the cost of more false positives until the baseline of normal behaviour is tuned.
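The contrast between the two detection models runs through this paper: section 2.1 notes that malware with an unseen pattern slips past signature matching, section 3.1 describes antivirus as a lookup against known signatures, and the paragraph above sets signature-based against anomaly-based IDS. The following added example (not code from the paper or from any product) shows both models side by side on constructed data. A known sample is caught by a hash and by a byte pattern; a trivially repacked variant of the same sample, with padding inserted, defeats both; and a statistical baseline of the host's normal outbound connection rate still flags the variant's beaconing without knowing anything about it. The payloads, the signature name "Trojan.Example.A" and the connection counts are all invented for the example.

```python
import hashlib
import statistics

# Constructed stand-ins for two samples of one malware family and a benign file.
# These are plain byte strings, not real malware.
KNOWN_BAD = b"MZ\x90\x00" + b"connect(203.0.113.66:4444);exec(shell)"
VARIANT   = b"MZ\x90\x00" + b"connect(203.0.113.66:4444);" + b"\x90" * 8 + b"exec(shell)"   # repacked with padding
BENIGN    = b"MZ\x90\x00" + b"print('hello world')"

# Signature database: one full-file hash and one short byte pattern, both taken from KNOWN_BAD.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Trojan.Example.A"}
BYTE_SIGNATURES = {b"4444);exec(shell)": "Trojan.Example.A"}


def signature_scan(blob: bytes):
    """Signature model (antivirus, signature IDS): return the matching signature
    name or None. Only indicators seen before can match."""
    name = HASH_SIGNATURES.get(hashlib.sha256(blob).hexdigest())
    if name:
        return name
    for pattern, name in BYTE_SIGNATURES.items():
        if pattern in blob:
            return name
    return None


# Constructed outbound-connections-per-minute series for one workstation:
# a day of normal activity (baseline) and five minutes after the variant ran (observed).
BASELINE = [4, 6, 5, 7, 5, 6, 4, 5, 6, 5]
OBSERVED = [5, 6, 40, 5, 7]


def anomaly_scan(baseline, observed, k=3.0):
    """Anomaly model: learn mean and standard deviation of a metric from normal
    activity and flag observations more than k standard deviations above the
    mean. Returns [(index, value)] of the flagged observations; no knowledge of
    the attack is needed, but a poor baseline or small k raises false positives."""
    mu = statistics.mean(baseline)
    sigma = statistics.pstdev(baseline)
    threshold = mu + k * sigma
    return [(i, x) for i, x in enumerate(observed) if x > threshold]


if __name__ == "__main__":
    for label, blob in (("known", KNOWN_BAD), ("variant", VARIANT), ("benign", BENIGN)):
        print(f"{label:8s} signature -> {signature_scan(blob)}")
    print("anomaly  ->", anomaly_scan(BASELINE, OBSERVED))
```

The two models fail in opposite directions: the signature scanner has no false positives on the benign file but misses the variant entirely, while the anomaly scanner catches the variant's traffic but would equally flag a legitimate burst of connections. That complementarity is the reason the paper recommends layering an IDS/IPS on top of antivirus rather than replacing one with the other.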
5.3 Cybersecurity Awareness Programs
One critical aspect of a cybersecurity strategy is the people. The common attacks reviewed in this report, such as social engineering and phishing, target the employees of SMEs, who easily fall into the attacker's trap; this is attributed to a lack of cybersecurity awareness. SMEs should therefore develop training programmes that educate workers on the tactics employed by attackers and on how to counter them. Winkler (2017) recommends that a security awareness programme be supported by the SME's management, cover all crucial departments and personnel, feature relevant content, and be assessed to determine its success. Unfortunately, despite statistics indicating that trusted employees are among the weakest links in cybersecurity, few SMEs invest in mitigating this insider risk. Aloul (2012) states that security awareness training is often overlooked in information security programmes; instead, the majority of businesses expand their reliance on advanced security technology while ignoring the training their workers require. As long as this continues, attackers will keep exploiting the weakness to gain unauthorised access to systems. It is therefore important to design and implement a security training programme that raises cybersecurity awareness among SME employees.
Conclusion
The analysis above shows that small and medium-sized organisations cannot afford high-end security systems. Installing antivirus software on end workstations protects them from known malware, but on its own this does not provide the security an SME needs. Attacks such as social engineering, password guessing and credential reuse cannot be prevented by antivirus software, and during an attack antivirus does nothing to preserve the confidentiality and integrity of data. At the same time, the introduction of the GDPR requires more stringent cybersecurity measures to avoid heavy penalties for non-compliance. SMEs should therefore design and deploy a multi-layered security strategy that achieves the strongest data protection they can afford.
References
- Harshitha, B., & Ramesh, N. (2013). A survey of different types of network security threats and its countermeasures. International Journal of Advanced Computational Engineering and Networking, 1(6), 28-31.
- Rose, B. (2018). The biggest cyber threats facing SMEs in 2018. Fleximize. Retrieved from https://fleximize.com/articles/011275/cyber-threats-facing-smes
- McGoogan, C. (2017). Cyber attacks hit half of UK businesses in 2016. The Telegraph. Retrieved from https://www.telegraph.co.uk/technology/2017/04/19/cyber-attacks-hit-half-uk-businesses-2016/
- Paquet-Clouston, M., Haslhofer, B., Dupont, B. (2018). Ransomware payments in the bitcoin ecosystem. The 17th Annual Workshop on the Economics of Information Security (WEIS), Innsbruck, Austria. Retrieved from https://arxiv.org/pdf/1804.04080.pdf
- Smith, M. (2016). Social engineers reveal why the biggest threat to your business could be you. The Guardian. Retrieved from https://www.theguardian.com/small-business-network/2016/oct/04/social-engineers-reveal-biggest-threat-business
- Federation of Small Businesses (n.d.). Small businesses bearing the brunt of cybercrime. Retrieved from https://www.fsb.org.uk/resources-page/small-businesses-bearing-the-brunt-of-cyber-crime.html
- Airehrour, D., Nair, N. V., & Madanian, S. (2018). Social engineering attacks and countermeasures in the New Zealand banking system: Advancing a user-reflective mitigation model. Information, 9(110), 1-18.
- Korolov, M. (2018). Why the best antivirus software isn’t enough (and why you still need it). Computer world. Retrieved from https://www.computerworld.com.au/article/648872/why-best-antivirus-software-isn-t-enough-why-still-need-it/?fp=16&fpid=1
- Korolov, M. (2017). What is a fileless attack? How hackers invade systems without installing software. CSO Online. Retrieved from https://www.csoonline.com/article/3227046/malware/what-is-a-fileless-attack-how-hackers-invade-systems-without-installing-software.html
- Winkler, I. (2017). 7 elements of a successful security awareness program. CSO Online. Retrieved from https://www.csoonline.com/article/2133408/data-protection/network-security-the-7-elements-of-a-successful-security-awareness-program.html
- Aloul, F. A. (2012). The need for effective information security awareness. Journal of Advances in Information Technology, 3(3), 176-183.
- What is IDS and IPS? (n.d.). Juniper. Retrieved from https://www.juniper.net/us/en/products-services/what-is/ids-ips/
- Cotenescu, V.M. (2016). SIEM (Security information and event management solutions) implementations in private or public clouds. “Mircea cel Batran” Naval Academy Scientific Bulletin, XIX(2), 397-400.