The term is made up of “mal” for “evil, bad” and the word part “-ware” from software. It therefore refers to harmful software; terms such as malware and malicious programs are also used synonymously. Malware is the generic term for computer viruses, Trojans, ransomware, worms and spyware, among others.
Malware attacks account for the majority (53%) of cyber incidents at companies, according to a survey by the German Federal Office for Information Security (BSI).
Interestingly, the vast majority of this malware – 90% – is distributed as a link or attachment via email.
More and more targeted malware attacks on companies are currently being observed, often with extortionate intentions. However, attackers may also be targeting sensitive data, patents or contracts.
This is just one of many possible examples: Carelessly opening a supposed invoice in an email attachment can ensure that all computers, servers and even back-ups connected to the company network are encrypted and can no longer be used. In the event of a cyber incident, malware can have a different impact on your day-to-day work depending on the type. Documents can disappear, systems can be damaged or even sensitive data can be transferred almost imperceptibly. The aim of the attack may be to spy on your company, incapacitate you or blackmail you.
Almost all measures that reduce your cyber risk increase your protection against malware attacks.
These measures are extensive and should be determined individually according to your company’s cyber risk assessment
However, almost any measure is better than none. For example, raising awareness among your employees is essential, especially in view of the high proportion of malware distributed by email.
You should make regular backups in the event of blackmail and data loss. These (or copies) should be stored offline or in separate networks so that they remain usable even in the event of large-scale, targeted attacks.
