There is a cyber “arms race” underway. Long gone are the days when the largest computer security threats were viruses written by individual miscreants seeking their 15 minutes of fame (or infamy). Modern threats are typically financially motivated: they steal data for profit, or they hold an infected machine hostage and demand a cleanup “ransom” to disinfect it. According to a recent article, “The Malware Crisis” (Forbes, 2/1/10), there is “an explosion of Web-based malware such as those delivered by ‘drive-by downloads’ – from seemingly legitimate Web Sites – onto the computers of unsuspecting users”.
Malware is not only the product of organized crime. The Stuxnet worm discovered in June raised strong suspicions that one or more governments were involved. The suspicion rests on the worm's extraordinary complexity, the detailed knowledge of industrial control systems built into it, and the concentration of its infections in Iran (an estimated 60% of infected machines were Iranian), consistent with an attack aimed at Iranian industrial facilities. Russian security firm Kaspersky Lab described Stuxnet as “a working and fearsome prototype cyber-weapon that will lead to the creation of a new arms race in the world”.
In mid-June, the Arizona judicial system was a direct victim when malware infected the azcourts.gov site. It took several days to clean the infected system and verify that the site was safe again. Infected PCs are a commonplace reality in the workplace, and the costs in lost productivity and cleanup are staggering. The threats are all too real, and your systems and productivity are very much at risk.
So what is the appropriate response?
Timely system patching is the first line of defense. Security holes are uncovered regularly, and vendors release updates to close them; every day a patch goes uninstalled is a day a publicly known exploit still works against you. Deploying good, regularly updated anti-virus/anti-malware (AV) software is the next logical step and should also be part of your security strategy. Unfortunately, patching and AV software alone are insufficient. As attacks grow more sophisticated, so must defenses. Patches and AV signatures are by nature reactive: they address a threat only after it has been discovered and analyzed. New malware variants appear faster than signatures can be written for them, so even a system with every current patch and the very latest AV updates remains exposed during the window between a threat's release and its detection.
Adding a network-based security layer that incorporates web content filtering substantially enhances protection by cutting off connections between your network and the most likely malware sources. Known malware distribution sites can be blocked by filtering devices at the network perimeter, preventing the malware from ever reaching your systems. I’ve found the single most common malware distribution method is via web advertising. Many advertising networks simply do not adequately validate the content of ads before publishing them, and malware writers use the layers of the ad distribution chain to cover their tracks, making the source of an infection difficult to trace. Blocking these ad networks at the network level removes a significant threat, reduces bandwidth utilization and improves performance.
I’ve noticed a night-and-day difference in firms that have deployed this multi-layered security approach. As an added benefit, these firms also gain the ability to restrict access to categories of sites that they consider time-wasting or otherwise inappropriate for business use.
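To make the network-level blocking in the two paragraphs above concrete, here is an added example of my own (not code from the article or from any filtering product) of the core check such a device performs: each requested hostname is matched against a categorized blocklist on label boundaries, so that a blocked ad-network domain also catches its subdomains without catching look-alike names, and the verdict is applied to a few proxy log lines. The blocklist entries, log lines and domain names are constructed for illustration and are not real ad-network or malware domains.

```python
"""Core check behind a web-filtering device: categorized hostname blocking.

Added illustration only. The blocklist entries and proxy log lines are
constructed for this example; none are real ad-network or malware domains.
"""
from urllib.parse import urlsplit

# Constructed, categorized blocklist. A real deployment loads thousands of
# entries from a vendor or community feed and refreshes them on a schedule.
BLOCKLIST = {
    "ads.example-network.test": "advertising",
    "malware-drop.test": "malware",
    "timewaster.test": "non-business",
}


def normalize_host(host):
    """Lowercase, drop a trailing dot and a :port so comparisons are exact."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("["):          # bracketed IPv6 literal, leave as-is
        return host
    return host.split(":", 1)[0]


def lookup(host, blocklist=BLOCKLIST):
    """Return the blocklist category for host, or None if it is not listed.

    The match walks the host's labels from the left, so an entry for
    "ads.example-network.test" also covers "cdn.ads.example-network.test"
    but not the look-alike "notads.example-network.test". A plain
    host.endswith(entry) test would wrongly block the latter.
    """
    labels = normalize_host(host).split(".")
    for i in range(len(labels)):
        category = blocklist.get(".".join(labels[i:]))
        if category is not None:
            return category
    return None


def filter_log(log_text, blocklist=BLOCKLIST):
    """Apply the blocklist to proxy log lines of the form
    '<timestamp> <client_ip> <method> <url>' and return
    (client_ip, host, verdict) tuples, verdict being 'allow' or 'block:<category>'.
    """
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, _method, url = line.split(None, 3)
        host = urlsplit(url).hostname or ""   # already lowercased, port removed
        category = lookup(host, blocklist)
        verdict = "allow" if category is None else "block:" + category
        results.append((client, host, verdict))
    return results


# Constructed sample log: five requests from two workstations.
SAMPLE_LOG = """\
2010-09-01T09:14:02 10.0.0.12 GET http://www.example-news.test/index.html
2010-09-01T09:14:03 10.0.0.12 GET http://cdn.ads.example-network.test/banner.js
2010-09-01T09:14:05 10.0.0.31 GET http://notads.example-network.test/page.html
2010-09-01T09:14:09 10.0.0.31 GET http://malware-drop.test/update.exe
2010-09-01T09:14:10 10.0.0.12 GET HTTP://ADS.EXAMPLE-NETWORK.TEST:8080/x.gif
"""

if __name__ == "__main__":
    for client, host, verdict in filter_log(SAMPLE_LOG):
        print(f"{client:<10} {verdict:<18} {host}")
```

The label-boundary walk is the part worth copying: most home-grown filters use a suffix string test and end up either missing subdomains of a listed ad host or blocking unrelated names that happen to end the same way. Tagging each entry with a category is what lets the same mechanism serve both the malware/advertising block and the optional business-use restrictions.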