I don’t like the word malware. Sure, it’s a pretty good word: software that intends to do malicious stuff. However, it’s totally wrong for today, because it misidentifies the source of the risk, which in turn minimizes the threat level.
These days malware is a digital weapon being brandished by bad players at you! It’s humans that are attacking your data. Maybe they are attacking in noisy and brutal ways, maybe it’s a silent spy or perhaps it’s a stealthy adversary about to kidnap your data and hold it for ransom. Whatever the case, make no mistake, there are humans behind these targeted crimes.
So why does it matter? Calling it software downplays the seriousness of the attack, the intent of the attack and the ramifications of successfully perpetrating the crime. It also creates a false reliance on software and detection techniques.
Additionally, it incorrectly minimizes the response urgency and the response methods. Today we throw hardware (virtual or physical) at volumetric attacks and software at preventing, detecting and responding (well, not really responding) to attacks. The problem with calling it malware is that we respond in kind, with hardware and software.
We’re missing the point: it’s a human! We have to start acting like it’s a human and respond in kind, whether that’s enforcement or humans who can think about motives and countermoves and embrace physical methods, counter deception, distraction and complexity as countermeasures. We have to think as a human against a human. You may think it’s subtle, but I assure you it’s not. We also need to mobilize our human assets, whether it’s employees understanding their role in being vigilant or enforcement taking a more proactive role versus just forensics and prosecution after the fact.
Humans are attacking your company, so don’t rely on mere fiscal purchases to hold back the tide. Gear can’t stop riots, gear can’t stop spies, gear can’t stop ransoms. Have talent in place, enlist talent and educate your employees.