At a recent cybersecurity seminar, I heard a speaker tell the audience that the reason why viruses are sometimes not detected immediately is that they lie dormant in a system before becoming active and noticeable to IT. That was inaccurate.
Throughout my career as a cybersecurity expert, I have never encountered a “dormant” or “slow-release” virus. So why does detection sometimes come only after the damage is irreversible?
Viruses are often designed to be tough to detect. It makes sense that a person conducting a cybersecurity attack would want stealth to be a priority: the longer a virus goes undetected, the more valuable information the cybercriminal can gather and use. That being said, failing to spot a virus is not the same as the virus being dormant. The primary motivation of cybercriminals is quick profit, so it is not reasonable to think that a cybercriminal would spend time and money on an attack that does not offer immediate returns.
Detection is the “Middle Layer” of Cybersecurity
If you were securing a house, prevention would be the fence around your property. The front door would be detection, and an alarm system would be your reactive layer of security.
When securing your firm’s network, a preventative firewall may help your firm fend off many attacks. Preventive measures may even help you evade the majority of attacks. However, a common mistake is to focus too much on prevention while neglecting the detection and reaction layers. Imagine relying on your fence at home for all of your security while leaving the front door open and the alarm turned off. Prevention isn’t everything when it comes to securing yourself against attacks.
The reason the detection layer is similar to a house’s front door is that its effectiveness largely depends on individuals. Once an attack has gotten past the fence, it takes IT departments and employees to spot something wrong. You can have the most secure front door, but if someone leaves it open or forgets to lock it (or doesn’t know how), it is virtually worthless. Similarly, many organizations are up-to-date with the best preventative measures, but they do not pay enough attention to employee compliance and training in cybersecurity policies.
Effective Detection Requires a Culture of Security
A firm needs a culture of security because employees are critical when it comes to protecting your firm’s data. Knowing who to let in the front door is like an employee being able to recognize a phishing email or knowing the dangers of giving out passwords.
Once an attacker has gotten past your firm’s safety measures, detection is the key to assessing the severity of the attack and initiating remediation strategies. Since attacks are often stealthy and leave little trace, it is up to IT departments and employees to recognize the signs of a breach and to understand the firm’s current security technology. For example, an alarm system is not going to be helpful if it is immediately turned off every time it sounds. Similarly, even the highest-end cybersecurity detection systems are not going to be effective if their alerts are ignored. The time between an attack and its detection can be reduced by training employees to recognize the signs.
While viruses do not lie dormant, they can be difficult to detect. However, with proper training and education in what to look for, IT and employees alike can help in reducing the time it takes to begin remediation efforts.