vi logo

Malware Awareness in SMOs


SaRB for SMOs Action Info

Security Management Group:

Getting caught by malware

Malware is used by attackers to enable them to get to you, your data, or other assets. Getting it onto organisations' systems has become a real are on the part of attackers, everyday anyone communicating with the world using technology is likely to come across many attempts to infect them.

This is edited content from Sarb Sembhi and co-host Nick Ioannou. Also in video and podcast media.

 Glossary Terms in this Blog Article - hover to view, click for full glossary.

What is malware?

Malware is a generic term for malicious software and encompasses anything that has been designed to affect the confidentiality, integrity, and availabilityof data and/or computer systems without permission, to commitextortion, theft,fraud, orenableunauthoriseduse. Malware is mostly created by criminals, including organised crime, as well as nation states and activists, but can also be created accidentally.

{cbscrollpane align="right" width="350"}The term ‘malware’ is often interchangeable with the term ‘virus’, especially anti-virus, as just about all anti-virus solutions are also anti-malware.{/cbscrollpane}

Malware Growth

Malware is not a new phenomenon, going back to the 1980s, their impact was limited as often the infection route was via floppy disk, but as the internet developed in the 90s, together with huge increasesin the use of computers at both home and work,the impact of malware also grew. By thestart of the21stCentury, malware could infect millions of computers withinhours of being releasedas broadband services replaced dial-up internet access.

Over the past decade the leaps in the speed of our internet connections on both fixed and mobile connections, together with the shift to cloud computing, has allowed the criminals to develop malware to carry out multiple crimes, often without the victims knowledge.To get a sense of the scale of the current problem,the AV-TEST Institute( over 350,000new malwareprograms and potentially unwanted applicationsevery day, with over malware accounting for over 89%.

Over the past 10 years the total number of malware programs has grown from 65 million to 1069 million. This is in part due tothe growth inmalware designed formobilesand tablet operating systems like Google Android, as well as computing operating systems such as Microsoft Windows and Apple MacOS.One of most predominanttypes ofmalwarewith the greatest impact is ransomware, whereindividuals and organisationsare locked out of their computers or locked out of their data and extortedfor large sums of moneyto regain access.Many Organisations never fully recover from a major ransomware infection and go under within 6 months.

How Malware Spreads?

Sometimes differenttypes of malware are given names based on what their creators are trying to achieve,such as a Key Logger, Botnet, File Stealer,Cryptojacker, Remote Access Trojan, Spyware and Adware, while other typesare namedbased on theirinfection route ordelivery method, such as a Virus, Worm, Rootkit or ExploitKit.New types of malware areconstantly beingdeveloped, so thisis by no means an exhaustivelistand will only get longer over time.Also, just because a piece of malware has atypeor name, thatdoes notmean it is limited to that one function. In many cases the trendisformalware thatfirstestablishes a foothold onto a user’s computer, assesses the potential for various activities and chooses the most profitable, or a combination of functions.

In over 90% of situations,the main infection route formalwareis via email, either as an attachment or a link in the email. The other methods includecompromising established websites, typo-squatting established domains, compromising remote access tools,compromised software updates, fake online services, cracked software, bogussocial media messages and posts, even dropping infected USB memory sticks in car parks.

Another way to look at it is, that malware is essentially computer code, and to consider how this computer coder gets from one place and onto your organisations' computer. There are two obvious ways that this happen, firstly if that code is in a file it can get into Organisations in at least the following ways:

This section of the article is only available for our subscribers. Please click here to subscribe to a subscription plan to view this part of the article.

Default sample Threat Map infographic

Infographic images are copyright of Virtually Informed, and available to registered users for download during the publication week of the blog article together with other downloadable resources, including: all related infographics on this page, example policy templates, posters, screen savers and much more. 

Actions and Activities

Now, on SaRB for SMOs:

  • Help us to help you by completing our short poll on this topic (only available when article is published).
  • Let us know which FAQs you would like us to answer.

Later, in your Organisation:

  • Complete Board level Policy Review
  • Update Policy
  • Present to the Board for Agreement

Finally, if you know anyone who could benefit from the information you have viewed, please invite them to register for SaRB for SMOs and share our resources with them.

Follow-up Resources:

Virtually Informed Resources:

  • Glossary - at the top of this blog article (link to items).
  • Infographics (Downloadable in the week of publication).
  • Download Items - Policy Templates, etc. (Downloadable in the week of publication).
  • FAQ’s (Available soon).
  • Blog articles (link to items )
  • How To articles (links only available to Premium subscribers).
  • Other content (available soon)

External Resources:

  • Ponemon Institute Survey
  • Other Survey information

Images from