Malware infections have become more evolved and sophisticated. Similarly, the technologies for preventing malware threats and attacks have evolved to use a multi-layered approach.
The term malware is short for "malicious software." Malware is designed to harm computer systems or networks, typically to gain access for monetary gain. Different types of malware are designed for specific categories of infection, such as adware, spyware, worms, Trojans, keyloggers and ransomware.
This article discusses the 5 protective measures for securing key management systems from malware threats within an organization.
Unfortunately, many organizations do not treat malware infections seriously; they are often treated as individual occurrences. Each time a malicious program is discovered in a system, the system administrator simply cleans up the affected system and moves on to other operational tasks. With the increase in advanced techniques and tactics used by malware developers, backdoors and ransomware are on the rise.
Secure protocols such as SSH, SFTP and SSL should be used for data transfer, rather than plain text protocols such as telnet, FTP and HTTP. Recently many websites have switched to HTTPS to prevent governments and other third parties from monitoring user traffic. These sites that switched to HTTPS have also implemented HTTP Strict Transport Security (HSTS) to protect against efforts to break HTTPS and intercept traffic. Similarly, remote administration protocols should use secure connections such as SSH for the key management system devices and other systems.
Data breach investigation reports suggest that many existing vulnerabilities remain open, primarily because security patches that have long been available were never implemented. Upgrading the KMS devices and other servers with the latest security patches is essential in mitigating and securing these devices from newly identified vulnerabilities such as zero-day bugs.
Virus and spyware threats are designed to penetrate networks or systems. The volume and number of potential and new threats make it unavoidable that particularly sophisticated infections will outsmart security software. Daily scans of servers, entire hard drives and the network help detect vulnerabilities. These daily scans add another layer of protection for the key management system and the organization. The KMS devices must be scanned daily to identify such sophisticated malware.
Security measures include the use of strong passwords and training employees on the handling of links and email attachments. Think before you click: companies should use strategies to educate employees and staff on using email and opening attachments. Simply clicking on an email link or attachment can corrupt a system, infect other machines, and destroy critical data within minutes. Similarly, users should never enter personal or financial details in web pages at which they haven't manually arrived. The key management system should be secured, and every event should be logged and analyzed to identify unintentional or intentional exposure of data.
Insiders who expose data accidentally, such as an employee who accesses company data through public WiFi without knowing that it is unsecured, are called unintentional actors. A large number of data breach incidents result from employee negligence towards security measures, policies, and practices.
Attackers target multiple layers, so key management system devices should be protected with a multi-layered approach. This includes the use of anti-virus and anti-spyware software to prevent the system from installing and executing programs that compromise security or obtain system administrator status. Anti-malware suites are increasingly bundled with a software-based firewall, spyware detection, rootkit detection and even spam filtering.
Multi-layered security is the practice of combining multiple security controls to protect the key management system servers and devices. This approach also includes controls such as two-factor authentication, disk encryption, heuristics or machine-learning-based data analysis, whitelisting of applications and devices, secure configuration of servers, data loss prevention (DLP), incident response and management, penetration tests and red-team exercises. It is also recommended that the key management system software be checked upon installation and periodically thereafter. Software integrity verification upon installation includes the chain of custody for the software and the verification of integrity codes such as hash values, message authentication codes, and digital signatures used to assure that the software has not been modified.
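The install-time and periodic integrity check described above, sketched as an added example (not code from any KMS vendor). It assumes a JSON manifest of SHA-256 hash values protected by an HMAC-SHA256 tag under a key delivered out of band; the manifest format, file names and key are hypothetical, and where the vendor ships a digital signature, signature verification replaces the HMAC step.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large installers do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path, key: bytes) -> tuple[bytes, str]:
    """Vendor side (constructed here for the demo): list hashes and MAC the list."""
    entries = {p.relative_to(root).as_posix(): sha256_file(p)
               for p in sorted(root.rglob("*")) if p.is_file()}
    manifest = json.dumps(entries, sort_keys=True).encode()
    return manifest, hmac.new(key, manifest, hashlib.sha256).hexdigest()


def verify_install(root: Path, manifest: bytes, tag: str, key: bytes) -> list[str]:
    """Return a list of findings; an empty list means the tree matches the manifest."""
    expected_tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    # Authenticate the manifest first: its hashes mean nothing if it was altered.
    if not hmac.compare_digest(expected_tag, tag):
        return ["manifest: MAC mismatch, hashes not trusted"]
    expected = json.loads(manifest)
    present = {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}
    findings = []
    for name, digest in expected.items():
        if name not in present:
            findings.append(f"{name}: missing")
        elif not hmac.compare_digest(sha256_file(present[name]), digest):
            findings.append(f"{name}: modified")
    # Files the vendor never shipped are as interesting as changed ones.
    findings += [f"{name}: unexpected" for name in present if name not in expected]
    return sorted(findings)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample install tree
        (Path(tmp) / "kms-agent.bin").write_bytes(b"constructed sample binary")
        manifest, tag = build_manifest(Path(tmp), b"demo-key")
        (Path(tmp) / "kms-agent.bin").write_bytes(b"tampered")
        print(verify_install(Path(tmp), manifest, tag, b"demo-key"))
```

For the periodic check, keep the manifest and its tag outside the installation tree being verified and alert on any non-empty result.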