Spyware a Growing Concern for Businesses

spyware a growing concern for businesses
spyware a growing concern for businesses

According to a number of leaders in cybersecurity, spyware is becoming an issue of growing concern for businesses.  Malwarebytes, in its 2021 report, Malwarebytes 2021 State of Malware Report, observed that business spyware detections increased 51% in 2020.  These spyware infections can be found on both computers and mobile devices.

What is Spyware?

Spyware is a type of malware that infiltrates a device to collect sensitive information.  Information is collected by monitoring internet activity and using keylogger type technology to relay information to outside parties.  This information can be used to track users or to commit cybercrimes.

Often this information is sold to third party data firms without a user’s consent.  This data can include various types of personal information including:

  • Login credentials
  • Credit Card Details
  • Account PINs
  • Clipboard data
  • Email data
  • Bank Account Information
  • Text messages
  • User location
  • Activation of device microphones and cameras
  • Documents and photos

Types of Spyware

There are a variety of types of spyware programs currently being used.  Often these pose as legitimate software offerings.  These programs use technologies that can range from relatively simple methods that rely on unmitigated software security flaws or highly sophisticated hacks that can compromise advanced security systems.  Because these methods employ endpoint attacks they are immune to end-to-end encryption security measures.

Cookie Trackers

Cookie trackers monitor internet browser history.  Although this data has been a free target, a growing number of nation states and organizations have made moves to control its collection and use.  This includes the European Unions General Data Protection Regulation (GDPR) and ePrivacy Directive (ePR), and the California Consumer Privacy Act (CCPA).  These actions have resulted in the terms and conditions additions on websites.

Adware

Adware tracks not only browsing habits but monitors downloads and basic computer user activity.  This type of malicious software not only share this information with outside parties but can slow down systems by using processor resources.

System Monitors

System monitors pose an even more malicious threat in that they can often capture vital information such as login credentials, messaging, and basically any information created or received on the device.  This can lead to loss of proprietary information and identity theft.

Stalkerware

Stalkerware is software designed to surreptitiously run in the background of smartphones.  Its purpose is to keep tabs on activities and report it to an outside party. Data captured can include location, phone calls and text messages, passwords, contacts, emails, and photos.

Security Practices for Preventing Spyware

The Cybersecurity and Ifrastructure Security Agency (CISA) provides the following advice for preventing unintended spyware installation:

  1. Avoid interaction with links within pop-up windows. CISA recommends clicking on the “X” icon in the title bar instead of using the “close” button inside the window.
  2. Select “no” or “cancel” when queried by unexpected dialog boxes that suggest running a program.
  3. Be especially wary of free downloadable software. These programs may not perform as advertised and create security issues. In fact any software should be carefully scrutinized before installation.
  4. Utilize browser security setting preferences to limit pop-up windows and cookies.
  5. Incorporate valid malware protection programs that include anti spyware detection.

Information Management Security Systems

Spyware is a growing concern for businesses and organizations of any size.  To effectively mitigate cybersecurity risks and their effects, it is important to institute effective Information Management Security Systems (ISMS).

An Information Security Management System is a collection of policies, procedures, and controls that systematically address information security in an organization.  It is a framework based on risk assessment and risk management.  The most widely recognized and instituted ISMS in the business environment is ISO 27001.  It shares many of the features of a quality management system such as ISO 9001. 

CVG Strategy Information Security Management System Consultants

We can help you meet your information security management system goals.  CVG Strategy QMS experts are Exemplar Global Certified Lead Auditors.  We can provide the training required to understand and engage in a ISMS and make it meet desired objectives. This process includes defining the context of your organization, creation of internal auditing processes and much more.