We do have answers, one of which is a very short, blunt and not particularly politically correct answer.
And then of course, there is the answer that we would write!
So first, let’s be blunt.
The answer is that your IT advisors are likely not cybersecurity experts, and so are not on top of the market, or spend years in the cyber security market to to find the best tool for the job.
They are very likely to have been supplying an antivirus program to their customers, probably from a well-known vendor, and it’s not in their interest to go and tell their customers that it is not good enough. In many cases, they probably are not even aware that it’s no longer fit for purpose.
This only leaves them with the option of telling their customers that the antivirus is protecting them and of course it is good enough! After all, they would look a bit stupid if they went to the customer that they’ve sold the antivirus to and said, “We know our antivirus solution is a bit rubbish”
To be fair, we can’t paint everyone with the same brush and we know there are some IT companies that have done just as we did and went to their customers and said “we have discovered our solution is no longer fit for purpose, and there is a better one suited to today’s needs”. This approach probably cost them some customers, as they clearly had high appetite for risk and didn’t think the protection was necessary for the additional cost.
Some of our clients said “Okay, great. Thank you.”, while others said “We don’t really like the price and are happier with less protection and lower cost”.
Others simply said “No, we are not going pay any more and we will be looking for another supplier” This is the main reason why most IT companies will not tell you to do the right thing – they are scared of losing customers and revenue.
So, why is it antivirus not good enough?
All legacy antivirus is reliant on doing database lookups to identify any threats. Every single time it does a scan, it has to effectively pick up the Yellow Pages (list of viruses and threats) and go through the entire book looking for a match. If it finds a match it to something in there, it’s lists it as threat. If it can’t match it to anything in the book, then it’s not a threat and lets it go.
The issue that that yellow pages is growing at the rate of four new entries a second. By the time it’s printed and shipped out, and everybody’s got their copy, it’s out of date by thousands or hundreds of thousands of entries, as there are 345,600 new threats added every single day, and it’s not decreasing!
This basically leaves you with a solution that is just not fit for the purpose of protecting you against any new or currently unknown threats, not to mention it is not very effective as it relies on constantly looking the threats up every time.
But, you say, it does protect me against millions of known threats, doesn’t it – surely that is better than nothing!?
The problem we face is that the hackers aren’t stupid. Why would they use old threats that they know most solutions can block? That’s why they’re building new ones every four seconds because they’re looking for ways around existing security.
What you actually need is a solution that’s going to look for patterns of behaviour rather than doing a look up in an antiquated system.
For want of a better example, it’s like the difference between using live facial recognition to identify threats rather than relying on someone walking around with a photo and putting it up next to everybody to decide who’s a threat and who’s not. Or even worse, having to use a multiple massive libraries of photos if you’re talking about a proper criminal database.
In short, you get what you pay for in life – cheap can be nasty, and if the advice is not coming from a confirmed expert or authority on the subject, make sure you take a look around and aksi ask what is the motivation for them actually supplying you
And remember! Antivirus is usually sold as a product and proper Cyber security is sold as a managed service!