Malware-including viruses, spyware, and worms-is a major collective threat, but an especially problematic threat to businesses. In fact, malware costs businesses more than $4.55 billion annually, a number that could increase if the problem continues to grow unchecked. Hackers and cybercriminals are constantly developing bigger, better threats, despite efforts from talented cybersecurity experts to try and stay ahead.

Obviously, software developers, cybersecurity specialists, and even IT professionals are working hard to stay ahead of these threats. But is the growth of business malware currently outpacing the growth of our security capabilities?

Why We'll Never Be Fully Secure

It's difficult to quantify exactly how quickly malware is developing (and how cybersecurity is evolving to respond to it), but we can look at some recent examples of malware growth. At least one cybersecurity company estimated the number of newly found threats in 2016 to be 6.8 million, which demonstrates just how quickly new pieces of malware can be developed and distributed. But these pieces of malware were also noticed, flagged, and identified--showing that security experts have no problem keeping up with this pace of development.

Not all malware growth comes in the form of new tricks and new tactics, however. In many cases, hackers simply take a tried-and-true method, such as Sality malware (which brute-forces networks to create easy-to-guess passwords), and make small tweaks to improve it for the modern world. This is also the reason why phishing scams are still so prevalent; they've worked incredibly well in the past, so all it takes is small adjustments to make them better suited for today's environment.

There will almost always be a delay in response from cybersecurity experts addressing newly found threats, so hackers will always have a slight advantage here. However, security professionals are never far behind. We'll never be fully secure--for reasons we'll explore in the next section--but malware development isn't outpacing our development of new security features.

The Human Factor

It shouldn't surprise you to learn that human error is a leading cause of most hacks and cybersecurity threats, rather than the sophistication of the threat itself. About 24 percent of breaches are due to human error, with another 25 percent due to device theft, and even more breaches due to employees falling for phishing schemes and other ruses.

The truth is, human error is quite common, in multiple dimensions:

  • Improperly created or stagnant passwords. If your password is "password," if it contains a predictable sequence of numbers, or if it's all lowercase-only letters, even the most amateur hackers will be able to guess your password in a matter of minutes to hours. If you fail to change that password regularly, you'll be even more vulnerable. You can protect yourself by choosing strong passwords, with upper and lowercase letters, numbers, and symbols in an extended string of characters.
  • Falling victim to schemes. Phishing, the practice of pretending to be an authority to trick users into submitting their login information to you, has always been popular, and remains a top method of attack for one simple reason: people keep falling for it. They download attachments without knowing the sender, they click on suspicious links, and they give out their login information too frequently to unverified external parties. The only way to prevent this from happening is to increase employee awareness and warn against the consequences of these schemes.
  • Relying on unsecure devices or networks. Sometimes, employees will bring their own, unsecured devices onto the company's wireless network. If their device is infected with malware, it could easily spread to every device on the network. If an employee uses a company device on an unsecured wireless network, like a home Wi-Fi network or publicly available option, they could also be easy targets. This makes it easy for cybercriminals to gain entry to your entire system.

When your employees make these mistakes, it doesn't matter how evolved malware has become.

We're never going to be fully secure. Cybercriminals and cybersecurity experts are always going to be on pace with each other, since they're basically two sides of the same coin. On top of that, human error is always going to make it impossible to develop something that's "hack proof." Still, by employing the latest technology, keeping your employees up-to-date, and following best practices throughout your organization, you can mitigate the risk of falling victim to an attack--no matter how sophisticated it is.

Published on: Aug 9, 2017
The opinions expressed here by columnists are their own, not those of