Organizations may be taking the wrong approach when it comes to preventing malware attacks.
According to Josh Goldfarb, FireEye's CTO of emerging technologies, many companies are falling into the trap of cleaning up infected devices, only to leave them vulnerable to being compromised yet again, ZDNet reported late last week.
Without the foresight and understanding about why a device or system was infected in the first place, simply reimaging a laptop or cleaning up malware will not be enough to prevent further attacks, he noted.
“It's kind of a chicken-or-an-egg situation, where organizations are so busy playing whack-a-mole that they don't have time to come up for air and try and understand why they're so busy playing whack-a-mole," Goldfarb told ZDNet.
Moving away from the “whack-a-mole” approach may help companies to improve their security overall by actually determining the root cause of the problem.
"It's difficult when you're in an operational environment and you're putting out fires. It's difficult to leave fires burning to take a step back and look strategically to try and understand why it is there are so many fires burning and what can be done to perhaps reduce the number of fires that burn on a daily basis,” he explained.
With the rate at which the malware threat is growing, it’s critical for organizations to understand how to detect and mitigate their risk.
Earlier this year, a report shed light on the fact that malware is actually becoming the next big on-demand business for cybercriminals.
Creators of malicious software are now using the cloud to sell Malware-as-a-Service. What the report shows is that those cybercriminals are now making money off essentially renting out their malware software.
“The biggest cybercrime operations are essentially computer software and services companies, albeit illicit ones,” according to the 2016 Trustwave Global Security Report. This report suggests that, even on the Dark Web, there’s a thriving business for cybercriminals to sell off their talents — in the form of malware, of course.
And it’s turning into an on-demand business as legitimate-seeming as any traditional software business.