Author: Kevin Hawkins

Security Tools

Is Anti-virus to cure all that many SMEs seem to think it is?

In the SME world there is an instilled view that anti-virus, along with a firewall or two, is the knight in shining armour, constantly battling malicious threats. But is it always the hero we think it is? Let’s talk about duality – the good and the not-so-good side of anti-virus software. On the bright side, it’s an essential tool for digital safety. It stands as our frontline defence, identifying and eliminating potential threats like viruses, malware, and phishing attempts. It’s a relentless protector, working round-the-clock to safeguard our valuable data. So far so good.

However, no knight is without its flaws. Anti-virus software can sometimes be overzealous, flagging innocent files as harmful. This ‘false positive’ can disrupt our workflow, especially when essential files are blocked. Moreover, no anti-virus software provides 100% protection. Complacency can be our undoing, leading us to believe we’re invincible behind our digital shield. So, what’s the bottom line? Well, anti-virus software is a necessity in today’s world, but it’s not a fool proof solution.

So why do SMEs think it is?  Well, there’s probably several reasons for that and chief amongst them will be the constant companion of an SME, cost.  If you can convince yourself that a solution solves all, or most, of your problems in one hit, then that’s going to be a winner in your mind.  There is also an issue with the larger IT and Cyber Security companies, that they have largely ignored SMEs because they don’t produce the financial rewards that their bigger clients do. So, they have been happy to pass off software sales, like AV, to their sales channel, and allow their re-sellers to push those products on their behalf.  Sounds good except that often those re-sellers simply don’t have any more in house cyber skills than the SMEs themselves, so there is no guarantee that what they are selling is what the SME needs.

Now, I’m not knocking your local IT support company, they do what they do and generally do it well.  Generally, they like to stick to the tried and tested products that they have been selling for years and tend not to buy in to innovation easily.  Can’t blame them, they are as beholden to the bottom line as the rest of us.  And the various flavours of AV fall into that category.

This is where we part company with such companies.  We are very much involved with innovation, looking at new ways of solving old problems, and new ones as they crop up.  The only way an SME is going to get the protection they need and deserve, at a cost they can afford, is via such innovation.  We have been working with Platinum High Intensity Technologies, or Platinum-HIT.  This is a new PROACTIVE Managed Security Service Solution for Endpoint in the class of Anti-virus, anti-malware, anti-ransomware.

So, what’s different about it?  Surely, it’s just another version of AV?  Well, no it isn’t, it’s a new approach to an old and continuing problem, that solves a several problems along with way, using what is known as a Hard-Disk-Firewall or HDF.  So, what I hear you cry.  I have a personal firewall on my laptop.  Why do I need another one?  Perhaps the word firewall is a little misleading.  Read on and you’ll see what I mean.

The HDF concept is a simple one. On any computer system, data is stored either as non-runnable information data or runnable application programs. Malware is a type of runnable program with undesirable behaviours. HDF prevents malware infection by stopping malware program files from being stored and run on a computer. HDF functions as part of the Microsoft® operating system.

From the perspective of the computer operating systems, malware or viruses are simply another form of application program. From a human’s perspective, malware is existential threat that we do not want to run on our systems. HDF works by stopping any additional program from saving on a fully working and virus free computer unless the system administrator/owner allows a certain specific program to install.

The approach is to deny write access of runnable program files to any storage devices irrespective of the user’s right and privilege on the computer. For example, the control is so absolute that administrator/user cannot bypass, intentionally or by mistake.

Other than blocking install of malware, the computer functions as normal, and HDF operates to- tally transparently to end users. For example, running applications, opening, reading, saving, and deleting non-runnable data is not affected.

Device independent – effective on all storage devices supported by the underlying operating systems, e.g., hard disk, USB token device, tape drive, optical writers (CD or DVD writer) and any future device which relies on the operating system to provide read and write functionality.

Data location independent – works identical on local and remote storage devices including write access from wired and wireless networks, infrared and blue tooth etc. No hardware component. Implemented as a component fully integrated into the operating system, effectively becomes part of the operating system and not a separate application. Making the operating system immutable.

HDF does not require any prior knowledge of file and data contents. The system just stops any data to be saved that can be run on a computer, including all known or future malware. This indiscriminately stops polymorphic viruses, ransomware, zero-day threat and renaming any data file back to runnable programs.

HDF does not rely on Microsoft security operating system patches and in of itself no regular updating is required.

HDF security capability has NOT degraded since commercial deployment in 2008. There has never been a CVE attributed to the HDF solution.

So yes, whilst this system has been around the defence and nuclear space for some time, it’s very new to the SME market, and in fact, to the enterprise market for that matter.

Is your AV due for renewal soon?  Before you just push the button and renew, have a word with us first.  We just might have what you are missing, and you might be surprised at how affordable it is, considering it’s managed for you at no additional cost.

Ransomware, Phishing and other Malware

I Never Get Tired of Talking About Ransomware

Many of you outside of the legal profession might not have heard of the Ince Group and what happened to it. The 157-year old law firm collapsed into administration last year following a cyber-attack. To be fair a much bigger crisis came after it was rescued by a firm that almost no one had heard of. There are many out there much better qualified than me, to comment on its legal and accounting problems, I’ll stick to the cyber-attack.

So, what happened to Ince and is it a story of what can happen, in terms of cyber security, to pretty much anyone?

Things started to go south for Ince following a cyber-attack in March 2022, which was later revealed to have cost the company £5m.  Their share price tumbled, and they struggled to get on top of the crisis.  They went from trading at around 80p per share to are the 5p mark.  Pretty devastating for any company of any size.

What was the nature of the cyber-attack?  Well, Ince did everything they could to stop the exact nature of the attack becoming public, but it appears that it was our old friend ransomware.   In March 2022, Ince was granted an interim injunction to stop hackers from releasing confidential data on the dark web if it does not pay a ransom, following the unknown perpetrator threatening to publish the stolen data on the dark web if the firm did not pay a “substantial ransom”.

Now, I don’t know about the rest of you, but given that the perpetrators are already criminals, and are unknown criminals to boot, I’m a little confused as to how such an injunction could have any tangible effect, except to show perhaps, that Ince were taking this very seriously and were trying to prevent the release of client data.

Of course, this was an attack perpetrated on what was, at that time, a major company, publicly listed, and that supports the impression amongst many, that only such companies are targeted by cyber criminals.  Not so.

According to the NCSC, responsible for cyber security in the UK, ransomware continues to be a clear and present danger to UK companies, both at the Enterprise and SME level.  It has now become the most significant cyber threat facing the UK, with the impact of an attack on critical national infrastructure stated in the UK National Cyber Strategy 2022 as potentially as harmful as state-sponsored espionage. There remains a pervasive opinion within SME management, that ransomware only affects the big companies, that SMEs are just too small to provide a level of reward that cyber criminals are looking for.  I also said that there was evidence that when an SME gets hit, the amount asked for is quite small, from around £500 to £1000, and therefore many SMEs simply pay up.  There is of course a real danger there because often their data has already been stolen, and sometimes the criminal doesn’t release the data back to the company, leaving the SME not only out of pocket, but unable to continue with business.

How much better if you can avoid getting hit in the first place.  Here I list some ways that you could perhaps use to avoid the problem.

  1. Arguably, the biggest and most effective step an SME can take is Cyber Awareness Training for staff. It is simply a fact that 90% of data breaches are caused by human error.  It is very unlikely that an employee will do something deliberately to damage your business.  But humans are fallible and, if they haven’t had any awareness training, they simply don’t know what they shouldn’t be doing.  Cyber security awareness training remains the most significant step you can take in this regard.  You can’t expect your staff to help you avoid cyber security attacks if they don’t know what they are looking for.  Cyber security is NOT an IT issue, it’s very much a business issue and responsibility lie with everyone in the business.  Clearly this training needs to be part of an overall strategy, which again, need not be complex or onerous.  Most successful strategies follow the KISS principle – Keep It Simple Stupid.
  2. The next reasonably low-cost thing that ties in with Cyber Awareness Training and a security strategy is robust, well thought out policies and procedures, that have been rolled out across the work force and are monitored to ensure they remain relevant and that they are understood by all. Giving an employee the means to check what they should do if they suspect there is something nefarious going on, is simply giving them support, it is not there to catch them out or to use as a stick against them.  Many SMEs don’t have any such policies in place and many others have downloaded specimens from the internet, topped and tailed them and expect them to be enough, which they very rarely are.
  3. Next think about your backup strategy. Even when you are using a cloud-based provider, that doesn’t necessarily mean that your data is secure, although many providers would disagree, at least in their advertising.  How much better to have a strategy whereby your data is backed up overnight to a magnetic media storage point, which can be taken offline and stored in secure storage.  If you do that, then if you are subject to an attack and your data is locked up, you can have some or all workstations wiped and reloaded, and then have data restored from the tape, all of which would not take most SMEs offline for more than a day.  You then have a breathing space to sort everything out in the longer term.
  4. Email remains the top attack vector for many attacks, and this is one of them. There are many products on the market that will tell you that they will block as many malicious emails as possible, and many of these are very good at what they do.  For an SME, it will nearly always come down to a matter of cost and some of these products are more expensive than others.  Unfortunately, there are still a considerable number of SMEs out there, either using the cheapest anti malware product they could find, or even a free product.  You get what you pay for and if its free, you’ve got a problem.  Any product you choose to use must be mitigating an identified risk.  If a risk hasn’t been properly identified and a product selected that covers that risk off, as well as it can be covered off, then you’ve quite possibly wasted your money.

There is a product on the market from Abatis, which takes a very innovative approach to this.  Quite simply it blocks any executable not on your whitelist from running.  It takes a free 30 day evaluation for it to profile your network and build a list of executables that are in use daily by users.  So those that run your applications, email etc, and produces that list for human inspection.  Once agreed, that becomes your whitelist.  It’s extremely effective and so far, we haven’t found another product that takes this approach in blocking all forms of malware, including ransomware.

The overall message I would like to put across to all SMEs, is that you are just as vulnerable as anyone else, to this, and many other attacks.  Have you identified your risks?  Have you identified ways to mitigate those risks, enabling you to maximise your defensive spend.  Or have you just bought into an argument that says that you have a firewall and some anti-virus, you’re using a cloud provider and you’re therefore covered?  I’d welcome the opportunity to have that debate with you.

This is about defence in depth, marrying up people, process, and technology to give you the best protection you can afford.

Scroll to top