A number of drive-by-download attacks are infiltrating systems by methods as simple as prompting users to click to close a pop-up window. How can I make my employees more aware of these threats, and is there any way to tell which of these things are malicious?
While employees must be adequately trained and participate in an ongoing information security awareness program, training is not effective prevention for all types of attacks. General endpoint security hygiene must be in place along with baseline security awareness to prevent attacks from being successful.
First, basic security awareness around installing mobile applications is critical. Enterprises should update their mobile security awareness programs to include information about only installing applications from trusted and approved application stores; this will help prevent malware like Torpig from getting installed. An example to include in training could be installing an application based on clicking on a banner ad; this type of download is likely to install an app that includes unwanted functionality that could steal data or passwords. Also, if during installation an error message about the app not being signed pops up, users should cancel the install immediately.
Unfortunately, people will not always be able to distinguish malicious content from legitimate content, so systems must be designed to give employees the fewest opportunities to make bad decisions and to minimize the effects of clicking on a drive-by download.
Implementing tools that monitor the network and block drive-by download threats -- such as firewalls, intrusion detection systems and antimalware devices -- can be the most effective mechanisms for blocking attacks, but not all Internet access will pass through the enterprise network, where it can be blocked. Endpoint security tools can be used for similar functionality, but must be installed and operating correctly to be effective -- this depends heavily on the endpoint being managed.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email! (All questions are anonymous.)