10 Ways Enterprises Can Battle Malware

NIST Keeps Pace with Changing Malicious Code Threat

As malicious code rapidly evolves, the National Institute of Standards and Technology is updating its guidance to reflect changes in the threat that malware poses to organizations.

"Unlike most malware threats several years ago, which tended to be fast-spreading and easy to notice, many of today's malware threats are more stealthy, specifically designed to quietly, slowly spread to other hosts, gathering information over extended periods of time and eventually leading to exfiltration of sensitive data and other negative impacts," NIST says in the just-published draft of Special Publication 800-83 Revision 1: Guide to Malware Incident Prevention and Handling for Desktops and Laptops.

NIST, in announcing the draft revision, points out that protecting desktops and laptops remains critical even as many government agencies and companies focus on mobile security. The guidance provides information on the major categories of malware that afflict desktop and laptop computers and furnishes practical procedures on how to prevent malware incidents and what to do when a system becomes infected.

To battle malware, the NIST guidance suggests organizations should:

  1. Develop and implement an approach to malware incident prevention.
  2. Plan and implement an approach to malware incident prevention based on the attack vectors that are most likely to be used now and in the near future.
  3. Ensure that their policies address prevention of malware incidents.
  4. Incorporate malware incident prevention and handling into their awareness programs.
  5. Implement awareness programs that include guidance to users on malware incident prevention.
  6. Maintain vulnerability mitigation capabilities to help prevent malware incidents.
  7. Document policy, processes and procedures to mitigate vulnerabilities that malware might exploit.
  8. Apply threat mitigation capabilities to assist in containing malware incidents.
  9. Perform threat mitigation to detect and stop malware before it can affect its targets.
  10. Consider using defensive architecture methods to reduce the impact of malware incidents.
  11. Sustain a robust incident response process capability that addresses malware incident handling.

NIST is seeking comments from stakeholders on the draft. Comments can be sent to 800-83comments@nist.gov by Aug. 31. A final revision is expected to be published by late summer.

About the Author

Information Security Media Group
