Cyber criminals target users and their workstations. This makes workstation defense a vital tactic in cyber security management.
While most users have antivirus software on their workstations — and while antivirus protection is a necessary element of basic workstation protection — the reality is that the antivirus protection you run simply can’t keep up with today’s threats.
As an illustration of the relative ineffectiveness of today’s antivirus products, see Brian Krebs’ story “A Closer Look: Email-Based Malware Attacks,” which we posted in our Cyber Security News of the Week, June 24, 2012. Drawing on research compiled by computer forensics and security management students at the University of Alabama at Birmingham, who tracked the most frequently seen email-based threats each day over a 30-day period, Krebs reports that the average detection rate for these samples was 24 percent.
This means that if your only workstation defense is your antivirus software, then 75% of these most-common attacks would result in compromise of your workstation. If your only defense is your antivirus software, you are a sitting duck!
Here are three basic things you can do to significantly improve your odds of thwarting a workstation attack. These three items should be standard security procedure for every organization, whether a sole proprietor or a 50,000-person organization.
Here are the Basic Three:
- Keep applications patched and updated. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in application programs (Adobe Acrobat, Office, Flash, Java, etc.) and operating systems (Windows, Apple OS, etc.). As the security community identifies security vulnerabilities in software programs, software developers issue program updates to patch these vulnerabilities. Large organizations have dedicated staff and software tools for keeping programs patched. Citadel publishes our Weekend Vulnerability and Patch Report to help smaller organizations and home users keep track of new updates. We post the Report on our blog and make it available through RSS feed. Several organizations also re-post our Report.
- Keep operating systems patched and updated. This second tactic is the logical counterpart to tactic 1. Configure your workstation for automatic operating system updates. Microsoft regularly publishes updates on the 2nd Tuesday of every month. Apple publishes updates on an as-needed basis.
- Set all workstations to operate in limited, non-administrative mode. This only needs to be done once, when the workstation is being set up. In large organizations, this is the responsibility of the IT Department. Windows users in other environments can make this setting in the Users section of the Control Panel. Macintosh users select the user account type during Account Setup.
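To check a Windows workstation against items 2 and 3, here is a read-only PowerShell audit. It is an added example, not part of the original article; the 45-day threshold is an assumption, and item 1 (application patching) is not covered.

```powershell
# Added example: read-only audit of a Windows workstation for items 2 and 3 above.
$MaxPatchAgeDays = 45   # assumption: one monthly cycle plus slack; not from the article

# Item 3: who holds local administrator rights? S-1-5-32-544 is the well-known
# SID of the built-in Administrators group (independent of display language).
$me = [Security.Principal.WindowsIdentity]::GetCurrent()
try {
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
} catch {
    Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
    $admins = @()
}
foreach ($m in $admins) {
    # RID 500 is the built-in Administrator account; everything else is worth a look.
    $builtin = $m.SID.Value -match '-500$'
    $isMe    = $m.SID.Value -eq $me.User.Value
    '{0,-40} {1,-6} builtin={2} currentUser={3}' -f $m.Name, $m.ObjectClass, $builtin, $isMe
}
if ($admins | Where-Object { $_.SID.Value -eq $me.User.Value }) {
    Write-Warning "$($me.Name) is a direct member of Administrators; use a standard account for daily work."
}

# Item 2: is automatic updating disabled by policy, and how old is the newest update?
$au = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
if ($au -and $au.NoAutoUpdate -eq 1) {
    Write-Warning 'Automatic updates are disabled by policy (NoAutoUpdate = 1).'
} else {
    'No policy disabling automatic updates was found.'
}

$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $latest) {
    Write-Warning 'No installed updates with a recorded install date were found.'
} else {
    $age = [int]((Get-Date) - $latest.InstalledOn).TotalDays
    "Newest update: $($latest.HotFixID) installed $age days ago."
    if ($age -gt $MaxPatchAgeDays) {
        Write-Warning "No update installed in the last $MaxPatchAgeDays days."
    }
}
```

Administrator rights granted through a nested group (for example a domain group) appear as a Group row in the listing, not as the current user, so review those rows as well.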
Opinion? No. Fact! These three basic protections were the top 3 identified in a 2009 study by the Australian Ministry of Defense. Based on analysis by the Defense Ministry’s Defence Signals Directorate, these three basic tactics — when combined with a 4th tactic, application whitelisting — protect against 85% of targeted cyber intrusions. While application whitelisting requires technical expertise, the 3 basic defense tactics described above are simple enough for any computer user to implement.
For more information on protecting your workstation see Securing the IT Network in the Resources Section of our website.