A number of drive-by-download attacks are infiltrating systems by methods as simple as prompting users to click to close a pop-up window. How can I make my employees more aware of these threats, and is there any way to tell which of these things are malicious?
Employees must be trained and take part in an ongoing information security awareness program, but training alone does not prevent every type of attack. Baseline endpoint security hygiene must be in place alongside that awareness, so that a single bad click does not succeed.
First, basic awareness around installing mobile applications is critical. Enterprises should update their mobile security awareness programs to instruct users to install applications only from trusted and approved app stores; this helps keep trojanized apps off the device, and the same principle applies to desktop malware such as Torpig, which arrives through a download the user never deliberately chose. A good example to include in training is an app install that begins by clicking a banner ad; a download started that way is likely to deliver an app with unwanted functionality that can steal data or passwords. Also, if a warning appears during installation that the app is unsigned or its signature cannot be verified, users should cancel the install immediately.
Unfortunately, people will not always be able to distinguish malicious content from legitimate content, so systems must be designed to give employees the least number of opportunities to make bad decisions and to minimize the effects of clicking on a drive-by download.
Tools that monitor the network and block drive-by download traffic -- firewalls, intrusion prevention systems and antimalware gateways -- can be the most effective way to stop these attacks, but laptops and mobile devices used off the corporate network never pass through those controls. Endpoint security tools provide similar protection, but only when they are installed, current and operating correctly, which in practice depends on the endpoint being centrally managed.
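As an added illustration of the network-side detection described above (example code written for this page, not Nick Lewis's or any vendor's), the following Python script runs a few drive-by heuristics over constructed gateway log lines. The log format is an assumption of the example: one space-separated line per request with a timestamp, client, method, URL, status, server-declared Content-Type, Referer and a "sniffed" type as determined by the gateway's own content inspection. Three signals are checked: executable content served under a non-executable Content-Type, executables fetched from an IP-literal host, and an executable arriving within seconds of a cross-site redirect for the same client.

```python
"""Flag likely drive-by downloads in gateway logs (constructed example)."""
import ipaddress
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Assumed log format (not a real product's format):
# timestamp client method url status declared-content-type referer sniffed-type
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<ctype>\S+) (?P<referer>\S+) (?P<sniffed>\S+)$"
)

# Constructed sample: one visitor hits a news page, an ad network redirects
# them, and a PE executable comes back disguised as a GIF from a bare IP.
# A second visitor downloads a normally hosted installer for comparison.
SAMPLE_LOG = """\
2014-05-12T10:00:01 10.1.2.3 GET http://news.example.com/story.html 200 text/html - html
2014-05-12T10:00:02 10.1.2.3 GET http://ads.example-net.com/banner.js 200 application/javascript http://news.example.com/story.html script
2014-05-12T10:00:03 10.1.2.3 GET http://ads.example-net.com/click?id=77 302 text/html http://news.example.com/story.html html
2014-05-12T10:00:04 10.1.2.3 GET http://203.0.113.9/img/logo.gif 200 image/gif http://news.example.com/story.html pe-executable
2014-05-12T10:05:00 10.1.2.4 GET http://downloads.example.com/setup.exe 200 application/x-msdownload http://downloads.example.com/index.html pe-executable
"""

# Sniffed types the gateway reports for native executables (assumed labels).
EXECUTABLE_SNIFFED = {"pe-executable", "elf", "macho", "jar", "apk"}
# Content types under which a server may legitimately deliver an executable.
EXECUTABLE_CTYPES = {
    "application/x-msdownload", "application/octet-stream",
    "application/java-archive", "application/vnd.android.package-archive",
}
REDIRECT_WINDOW = timedelta(seconds=5)


def parse(text):
    """Parse log text into a list of event dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["host"] = urlparse(e["url"]).hostname or ""
        events.append(e)
    return events


def is_ip_literal(host):
    """True if the host part of a URL is a bare IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def flag_drive_by(text):
    """Return {url: [reasons]} for executable downloads that look like drive-bys."""
    events = parse(text)
    findings = {}
    for i, e in enumerate(events):
        if e["sniffed"] not in EXECUTABLE_SNIFFED:
            continue
        reasons = []
        # Rule 1: executable bytes behind a Content-Type that claims otherwise.
        if e["ctype"] not in EXECUTABLE_CTYPES:
            reasons.append("content-type mismatch")
        # Rule 2: served from an IP literal, which legitimate installers rarely use.
        if is_ip_literal(e["host"]):
            reasons.append("ip-literal host")
        # Rule 3: same client bounced through a cross-site 3xx just before the download.
        for prior in reversed(events[:i]):
            if e["ts"] - prior["ts"] > REDIRECT_WINDOW:
                break
            if (prior["client"] == e["client"] and prior["status"].startswith("3")
                    and prior["host"] != e["host"]):
                reasons.append("cross-site redirect chain")
                break
        if reasons:
            findings[e["url"]] = reasons
    return findings


if __name__ == "__main__":
    for url, why in flag_drive_by(SAMPLE_LOG).items():
        print(url, "->", ", ".join(why))
```

The setup.exe download from the second client trips none of the rules because its declared type matches its content, it comes from a named host and nothing redirected the client to it; the disguised GIF trips all three. None of these signals is proof on its own, so in practice the output feeds an alert queue or a block decision on the gateway rather than standing alone.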