Five Myths About Preventing Cyber Security Threats

Cyber security for small and mid-sized businesses (SMBs) is a particularly daunting challenge. These companies face many of the same cyber security threats that the largest global enterprises deal with—but often with a fraction of the resources. Aside from the obvious disadvantages smaller organizations face, there are also a number of misconceptions about security that can get in the way of better protection.

Here are five cyber security threats and preventative measure myths SMBs should stop believing:

Myth # 1 – All endpoint protection tools provide the same amount of cyber security threat and prevention capabilities

Not all endpoint protection technologies are created equal, and that certainly applies to prevention capabilities. Prevention is often limited to deploying basic antivirus and next-generation firewalls for protection. This is especially the case with smaller companies.

But an efficient endpoint protection solution should have advanced prevention capabilities that stop attacks before execution and also offer visibility into a company’s attack surface. Providing visibility both at the endpoint and network layer are now key to preventing an attack. SMBs need to augment their security stacks with more than just malware-detecting security software.

Bitdefender prevention technologies and machine learning models identify and proactively stop more attacks. They are designed and built with prevention in mind. The effectiveness of these tools has been demonstrated through independent testing validation.

In one test, Bitdefender was shown to be the only cyber security vendor to prevent all advanced threats.

Myth #2 – Detection and response are more important than threat prevention

Detection and response can (and should) be key components of a cyber security program, but to ignore the importance of prevention is perilous. Prevention, in fact, should be the foundation of any cyber security strategy – regardless of industry or company size.

Due to the recent amplification of ransomware attacks, the U.S. White House is instructing organizations nationwide to take preventative measures against a wave of cyber threats targeting the U.S. In doing so, President Biden’s recent executive order is charting a new course on national cyber security posture urging privately owned businesses to follow suit. To add to this executive order, a central hub for ransomware education was also formed around prevention and anti-ransomware strategy.

“Organizations cannot wait until they are compromised to figure out how to respond to an attack,” the order states. “Recent incidents have shown that within the government, the maturity level of response plans vary widely. The playbook will ensure all Federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat. The playbook will also provide the private sector with a template for its response efforts.

The two approaches—prevention and detection/response—should be complementary and not mutually exclusive. Cyber security threat and preventative measures are essential in stopping most commoditized threats. Detection and response technology can be used to search for the threats that have already gotten past defenses and then formulate an appropriate response.

Myth #3 – Cyber security threats are too sophisticated now, so prevention technology is less relevant

While zero-day and advanced persistent threats grab a lot of headlines and surely keep cyber security executives on high alert, most attacks leverage older overlooked vulnerabilities. It is important to not overlook employing the most basic preventative measures to cyber threats. This may include hardening your security infrastructure, gaining visibility into areas of potential vulnerability (ie, humans and devices) as well as continually conducting cyber hygiene checkups of your ecosystem.

The 2020 Bitdefender Report notes that one of the most reported misconfigurations, especially since the work-from-home model became the new normal, occur when the WinRM Service is enabled and poorly configured. What is WinRM? According to Microsoft, WinRM is “the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate. With this pathway open, it is a large target for threat actors to capitalize on a point of entry for cyber threats.

Bitdefender telemetry reports that nine in ten endpoints seem to report this as the top misconfiguration, which means that successful exploitation by threat actors could lead to either endpoint compromise or other business infrastructure risks.

According to the report, more than one third (36%) of the unpatched vulnerabilities in business applications and operating systems targeted during the first half of 2020 involved Common Vulnerabilities and Exposures (CVEs) that were first assigned in 2019, according to Bitdefender business telemetry.

Of those, 88% involved unpatched vulnerabilities in Microsoft products and services. However, while vulnerabilities in Microsoft products account for the bulk of exploitation attempts, threat actors might also seek to exploit vulnerabilities in enterprise-grade device management software, popular network analysis tools used by IT and security professionals, text and source code editors, and even popular media player software.

Bitdefender’s network attack defense technology has shown that brute force attacks on remote desktop protocol (RDP) and file transfer protocol (FTP) services account for 42% of all network-level attacks in business infrastructures. Successfully gaining access to these services means threat actors could take remote control of enterprise machines and endpoints, or even access internal FTP shares where sensitive data is usually stored.

Looking at the current threat landscape for businesses, many attacks on these services involve ransomware operators looking to gain a foothold within organizations, seeking out valuable data, and then manually deploying ransomware with a custom payload and high ransom note.

Myth #4 – Security prevention products that protect against ransomware are too complicated for a smaller company to deploy

Some tools are designed with ease-of-use in mind, removing the complexity that requires special skills.

Ransomware has many viable paths into an organization and cyber criminals are creative in their exploitation of both technological and human vulnerabilities. This is why protecting against ransomware requires understanding the full cyber kill-chain and mapping defenses to each attack stage.

Comprehensive ransomware prevention requires proactive vigilance on multiple simultaneous fronts, each of which need to be covered by the security solution. At the same time, the solution needs to be easy for administrators to manage.

Ransomware prevention and mitigation is built into products such as Bitdefender’s GravityZone at multiple levels, including endpoint, network, and the GravityZone Console administration level, and is adaptive to defeat new and emerging ransomware techniques.

The solution provides automated threat defenses and systems hardening, with advanced prevention capabilities to safeguard organizations from the full spectrum of sophisticated threats. GravityZone generates relevant security warnings indicative of a tactic or technique commonly used by cyber criminals, identifying a potential intruder.

Small organizations typically lack the resources and expertise to assess their entire attack surface. With GravityZone Elite, even small companies can easily visualize their threat environment and perform forensic analysis by focusing on targeted attacks.

Myth #5 – Threat prevention tools are solely based on having a fingerprint/signature

Modern tools have advanced prevention capabilities that go well beyond those of older products. For example, GravityZone products designed for the SMB market leverage innovative machine learning (ML) capabilities.

GravityZone Elite, for example, offers integrated endpoint protection, risk management, and attack forensics capabilities. Enhanced with user behavior risk analytics, GravityZone Elite safeguards an organization from a full spectrum of sophisticated cyber threats.

With more than 30 machine learning security technologies, GravityZone Elite provides multiple layers of defense that have consistently outperformed conventional endpoint security tools in independent tests.

The product is a single-agent, single-console solution for physical, virtual, mobile, and cloud-based endpoints and email.

Additional prevention tools offered for SMBs include GravityZone Business Security and GravityZone Advanced Business Security. All of these products automatically and continuously train and improve their malware recognition capabilities using one of the industry’s largest sample repositories, collected in the wild from a large network of global sensors.

Discover more about the new normal of cybersecurity threats and trends.