What’s the worst that can happen?
So what is the big deal if a few of my corporate PCs are infected with malware? What’s the worst that can happen? In this post I want to cover what can be done with a compromised PC and why it is a big deal. Many Security Managers minimize the importance of having clean PCs on their networks and ask, “What is the worst that can happen?” We will walk through why it is extremely important to be diligent about protecting your endpoints.
Here are some “what ifs” to think about. These are the more obvious risks if a user’s PC is infected:
What if account credentials were harvested and used to access internal corporate information, or place fraudulent orders within your internal systems? How would you know and what could you do about it?
What if access was granted to the user’s corporate email? Phishing emails could be sent internally or externally from what is a trusted email address, further spreading malware internally or to your partners, who may be the ultimate target. What damage would it cause your organization if an email coming from your domain infected a key partner or customer?
What if the malware harvested credentials that grant access to your corporate bank accounts and initiated a million-dollar wire transfer through a man-in-the-browser attack? Could your company handle that big of a loss? By the way, corporate bank accounts are not protected by Reg. E, and you are responsible for the losses, not the bank.
Those are the more obvious risks, but I want to dive into the less obvious ones to show what else is out there if your users are infected with malware.
Bot Activity- This includes spam zombies, DDoS extortion zombies or anonymization proxies. Do you want DDoS traffic running from your network targeting banks or the government? Does this violate your contract with your internet provider? Could they cut your company off? Could you be prosecuted for this traffic?
Web Servers- How about a phishing site, a malware download site or a child pornography website being hosted on your corporate PCs or servers? What would happen to your corporation’s reputation if there were a child pornography site hosted on a server of yours that the perpetrators were given access to through malware?
Hostage Attacks- These include fake antivirus, ransomware, webcam image extortion and email account ransom. What backlash would be felt if the webcam was turned on in the CEO’s office or his email account was held for ransom?
This list is by no means comprehensive, but I wanted to give you an idea of the risks that exist and why endpoint malware protection is critical to all organizations and even your users’ home PCs. Ensuring that you are using a high quality endpoint protection system for your most important and web-facing servers is critical for protecting your company. Just as important is the care and feeding of these protection systems; for more on monitoring and KRIs, see my post from last month. If you have additional examples of malware activity, I would love to hear about them.