Minimizing the Cost of Malware

• Published date: 01 March 2015
• DOI: http://doi.org/10.1002/jcaf.22029
• Author: Kurt Fanning
• Date: 01 March 2015

7

f

e

a

t

u

r

e

a

r

t

i

c

l

e

© 2015 Wiley Periodicals, Inc.

Published online in Wiley Online Library (wileyonlinelibrary.com).

DOI 10.1002/jcaf.22029

in. Such situations are a good

recipe for malware to enter their

system.

A major reason for this

growth in encounters with mal-

ware is the growth of the use

of mobile devices for the firm’s

activities. One reason for this

growth is the change in many

firms’ policy toward employees

using their own devices for busi-

ness operations. This is com-

monly known as the “bring your

own devices” (BYOD) issue. For

many years, IT had been enforc-

ing a policy of employees per-

forming their tasks on company

issued and controlled computers

and mobile devices. However,

most employees, especially the

younger employees, were more

Kur t Fanning

Malware is software that causes harm to the

victim. This article explains several aspects of

malware, including ransomware, mobile devices,

and special issues relating to small business.

The article discusses how malware gets into the

system and how firms can reduce their costs by

avoiding malware. Suggestions include always

having the most current version of software. It is

also important to find and eliminate holes in the

firewall. Next-generation firewalls should prob-

ably be included in information technology (IT)

budgets: They have more integrated deep-packet

inspection, intrusion detection, application identi-

fication, and granular control than first-generation

firewalls. © 2015 Wiley Periodicals, Inc.

M inimizing the Cost of Malware

INTRODUCTION

Malware—software

that causes harm—is

becoming a major

cost to many firms. By

minimizing the costs

associated with mal-

ware, firms can provide

additional funds for

operations while help-

ing to increase the

firm’s efficiency. Thus,

those charged with run-

ning a firm should be

motivated to find ways

to diminish the costs of

malware. This article

attempts to explain

malware, provides

some guidelines on dealing with

malware, and provides ways to

reduce the cost of malware.

Most firms’ encounters

with malware are growing

both in instances and cost. A

major reason is the growth of

mobile devices. Surveys indicate

that supporting the increas-

ing numbers of mobile devices

is the information technology

(IT) professional’s top security-

related challenge. Many firms’

networks are being overwhelmed

by employees logging in with

different mobile devices, their

cloud-based applications provid-

ing access to company data, and

remote employees utilizing an

array of configurations to log

comfortable with

their own device and

were circumvent-

ing IT controls in

order to use their

own device. In order

to restore some

operational control,

firms are changing

their policy to one

where employees

can use their own

mobile devices. Part

of the reasoning for

the change is the

hope that employ-

ees will follow the

firm’s guidelines

and understand the

importance of controls. This is

not going to always be the case.

So, along with additional expo-

sure from the employee’s use of

mobile devices and the relaxing

of the controls over the use of

personal mobile devices, the

firms are greatly increasing their

risk of exposure to malware.

The first problem with the

new policy is that the devices

that employees use are no lon-

ger standardized on a single

company-issued device. This

increase in diversity of mobile

devices makes it more difficult

to establish and enforce effective

control procedures. The second

problem is the lack of knowledge

regarding the firm’s security

controls by many of the firm’s