
Risk | Commentary
2/18/2020 02:00 PM
By Ryan Weeks

Cyber Fitness Takes More Than a Gym Membership & a Crash Diet

Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.

Every year, millions of people make New Year's resolutions to "get healthy." Sadly, studies show that less than 25% of them actually stay committed to their resolutions past the end of January, and only 8% completely see them through. The reason is that crash diets and costly gym memberships are merely tactics, not long-term strategies. (It's February. How are you doing with your resolutions?) The same is true for cyber fitness. Resolving to be more secure is worlds apart from actually making it happen.

Corporate spending on enterprise security increases every year in an attempt to prevent the next big breach, yet 2019 was record-breaking for breaches. This year, businesses of all sizes must avoid the crash-diet approach and make cybersecurity their top priority, moving away from the temptation of addressing individual problems with Band-Aids and instead toward attaining long-term cyber fitness.

A Short and Effective Cyber Fitness Program
Traditional cybersecurity solutions, such as antivirus and email and spam filters, are no match for motivated cyber attackers. Reducing the risk of a successful cyberattack requires a multilayered approach that includes antivirus solutions plus the implementation of a total data protection strategy in order to maintain system health and improve online security.

● Exercise 1: Employee Education
Employees are the first line of defense against cyberattacks. Today, companies must provide regular and mandatory cybersecurity training to ensure all employees are able to spot and avoid a potential phishing scam in their inbox. In 2019, phishing emails were the leading cause of successful attacks along with lack of cybersecurity training, weak passwords, and poor user practices.

● Exercise 2: A Multilayered Approach
In addition to education, endpoint security technology, perimeter protection, and patch management are essential to build and maintain cyber fitness. If an employee does fall victim to a phishing scam, anti-malware protections are necessary to prevent a widespread infection. Antivirus is critical but not bulletproof, as new strains of ransomware are being created faster than ever. This is why a good endpoint security strategy may layer traditional antivirus with advanced endpoint security technology that looks for odd behaviors and not just that which is known to be bad. It is imperative that organizations understand where vulnerabilities lie within their networks and develop a total data protection plan.

● Exercise 3: Total Data Protection
As employees become educated and anti-malware solutions are implemented, organizations need to do their part by implementing the most up-to-date situational awareness and vulnerability intelligence to identify and patch potential vulnerabilities through consistent monitoring. Two-factor authentication (2FA) across all technology solutions is one of the most effective controls for reducing the likelihood of a successful attack. Again, strong endpoint security can help prevent and quarantine ransomware before the malware can fully execute.

● Exercise 4: A Continuity Strategy
Organizations should invest in and activate a business continuity and disaster recovery (BCDR) solution if an attacker gets through. Businesses should focus on how to restore and maintain operations in the midst of a ransomware attack. A solid, fast, and reliable BCDR solution is a critical part of a successful cyber-fitness program.

Four Steps to Cyberattack Recovery
Setbacks are bound to happen, regardless of how well prepared an organization is. It's important that organizations understand what to do should they occur and note that an organization's proactive prevention strategy plays a big role in how well and how quickly it can recover from an attack.

Step 1: Inform the IT Team and/or Managed Service Provider (MSP)
If someone identifies an intrusion, it is time to enlist the experts. Downtime costs are up 200% year-over-year, and the cost of downtime is 23 times greater than the average ransom. When the stakes are that high, it is important to leave resolving the situation to the individuals responsible for keeping the business, its data, and its customers safe.

Step 2: Isolate and Identify the Infection
Once experts are notified of the incident, their first step should be to isolate the infection to prevent further spreading. To do this, they will need to remove the infected computer from the network, or at a minimum restrict access to all ports except those that are essential to recovery and cleanup of the threat. It is also important to identify the strain of malware the organization is dealing with to best understand the severity of the issue at hand and how to best recover fully.

Step 3: Determine the Source of the Infection
After the infection has been isolated, it is important that the source of the infection be identified. Was the ransomware implanted through email, external ports, stolen credentials, web browsing, etc.? Determining the root source of the infection better enables the security team to completely strip the malware from the system and ensure that the vulnerability is addressed, preventing the same situation from happening again.

Step 4: Lay All the Options on the Table
The findings of the previous steps will help inform the organization of its options and determine what the next move is. Should it rely on cyber insurance to mitigate the issue? Can it afford to pay (or not pay) the ransom to get the business back up and running in a timely manner? Or, did the organization take all the necessary proactive measures and implement a BCDR solution that it can rely on? In 2019, 92% of MSPs surveyed found that their clients with BCDR solutions in place were less likely to experience significant downtime during a ransomware attack and four out of five reported that victimized clients with BCDR in place recovered from the attack in 24 hours or less.

Businesses need to take ransomware very seriously and prioritize a proactive strategy to fight off attackers. As stated earlier, setbacks are bound to happen, but they don't need to be crippling. As long as an organization is committed to a strong cyber-fitness program, it can ensure a solid baseline that positions itself well for eluding attackers and recovering more quickly should the worst occur.


As Chief Information Security Officer (CISO), Ryan Weeks is responsible for directing and managing Datto's Information Security program. Ryan spent 11 years securing enterprise applications, systems, and sensitive customer financial data at FactSet Research Systems, where he ...
