
Risk

2/18/2020
02:00 PM
Ryan Weeks
Commentary

Cyber Fitness Takes More Than a Gym Membership & a Crash Diet

Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.

Every year, millions of people make New Year's resolutions to "get healthy." Sadly, studies show that less than 25% of them actually stay committed to their resolutions past the end of January, and only 8% completely see them through. The reason is that crash diets and costly gym memberships are merely tactics, not long-term strategies. (It's February. How are you doing with your resolutions?) The same is true for cyber fitness. Resolving to be more secure is worlds apart from actually making it happen.

Corporate spending on enterprise security increases every year in an attempt to prevent the next big breach, yet 2019 was record-breaking for breaches. This year, businesses of all sizes must avoid the crash-diet approach and make cybersecurity their top priority, moving away from the temptation of addressing individual problems with Band-Aids, and instead, move toward attaining long-term cyber fitness.

A Short and Effective Cyber Fitness Program
Traditional cybersecurity solutions such as antivirus and email and spam filters are, on their own, no match for motivated attackers. Reducing the risk of a successful attack requires a multilayered approach: antivirus, yes, but combined with a total data protection strategy that keeps systems healthy, patched, and recoverable.

● Exercise 1: Employee Education
Employees are the first line of defense against cyberattacks, so companies must provide regular, mandatory security training that leaves every employee able to recognize, avoid, and report a phishing email in their inbox. In 2019, phishing emails were the leading cause of successful attacks, alongside a lack of security training, weak passwords, and poor user practices.

● Exercise 2: A Multilayered Approach
In addition to education, endpoint security technology, perimeter protection, and patch management are essential to build and maintain cyber fitness. If an employee does fall for a phishing email, anti-malware protections are what stand between one compromised machine and a widespread infection. Antivirus is critical but not bulletproof: new ransomware strains are created faster than signatures can be written for them. A good endpoint strategy therefore layers traditional, signature-based antivirus with endpoint detection technology that looks for suspicious behavior (a process rewriting hundreds of a user's files within seconds, for example), not only for binaries already known to be bad. Organizations also need to know where the vulnerabilities in their own networks lie and fold that knowledge into a total data protection plan.

● Exercise 3: Total Data Protection
As employees are educated and anti-malware is deployed, organizations must do their part: maintain current situational awareness and vulnerability intelligence, monitor consistently, and patch what that monitoring turns up. Two-factor authentication (2FA) across all technology solutions, and above all on email, remote access, and administrative accounts, is one of the most effective controls for reducing the likelihood of a successful attack, because a phished or reused password alone no longer grants entry. Again, strong endpoint security can prevent and quarantine ransomware before the malware fully executes.

● Exercise 4: A Continuity Strategy
Organizations should invest in and activate a business continuity and disaster recovery (BCDR) solution for the case where an attacker gets through. The question to plan for is how to restore and maintain operations in the middle of a ransomware attack. A solid, fast, and reliable BCDR solution is a critical part of a cyber-fitness program, with two caveats a practitioner should insist on: backup copies must be kept where the ransomware (and a compromised admin account) cannot reach them, and restores must be tested regularly, because an untested backup is only a hope.
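To make concrete the distinction Exercises 2 and 3 draw between signature-based antivirus and behavior-based endpoint detection, here is an added Python example (written for this page, not code from the article or from Datto). It runs both models over a small constructed file-activity log. The log format (ts,host,process,op,path,newpath,sha256), the known-bad hash feed, the ransom-note filenames, and the "five extension changes within ten seconds" threshold are all assumptions chosen for illustration.

```python
"""Signature vs. behaviour detection over a constructed file-activity log.

Added example, not code from the article or from Datto. The log format,
the known-bad hash feed, the ransom-note names and the thresholds are all
assumptions made for illustration.
"""
import csv
import ntpath
from collections import defaultdict
from io import StringIO

KNOWN_BAD_HASHES = {"f00dbabe"}                                   # assumed AV signature feed
RANSOM_NOTE_NAMES = {"readme_decrypt.txt", "how_to_recover.txt"}  # assumed note filenames

# Constructed sample events. The ws02 encryptor carries a hash the feed has
# never seen, which is the case the article says antivirus alone will miss.
SAMPLE_LOG = r"""ts,host,process,op,path,newpath,sha256
1000,ws01,WINWORD.EXE,write,C:\Users\alice\Documents\q1.docx,,d0c0
1002,ws01,WINWORD.EXE,write,C:\Users\alice\Documents\q2.docx,,d0c0
1010,ws01,badmacro.exe,exec,C:\Users\alice\AppData\Local\Temp\badmacro.exe,,f00dbabe
1100,ws02,updater.exe,rename,C:\Users\bob\Documents\a.xlsx,C:\Users\bob\Documents\a.xlsx.locked,77aa
1100,ws02,updater.exe,rename,C:\Users\bob\Documents\b.docx,C:\Users\bob\Documents\b.docx.locked,77aa
1101,ws02,updater.exe,rename,C:\Users\bob\Documents\c.pdf,C:\Users\bob\Documents\c.pdf.locked,77aa
1101,ws02,updater.exe,rename,C:\Users\bob\Pictures\d.jpg,C:\Users\bob\Pictures\d.jpg.locked,77aa
1102,ws02,updater.exe,rename,C:\Users\bob\Pictures\e.png,C:\Users\bob\Pictures\e.png.locked,77aa
1103,ws02,updater.exe,write,C:\Users\bob\Documents\README_DECRYPT.txt,,77aa
1200,ws03,explorer.exe,rename,C:\Users\carol\Desktop\draft.txt,C:\Users\carol\Desktop\final.txt,ee01
"""


def parse_events(text):
    """Parse the CSV feed into dicts with an integer timestamp."""
    rows = list(csv.DictReader(StringIO(text)))
    for row in rows:
        row["ts"] = int(row["ts"])
    return rows


def signature_hits(events, known_bad=KNOWN_BAD_HASHES):
    """Signature model: flag any (host, process) whose binary hash is on the bad list."""
    return sorted({(e["host"], e["process"]) for e in events if e["sha256"] in known_bad})


def _ext(path):
    # ntpath handles Windows-style paths regardless of the OS the script runs on
    return ntpath.splitext(path)[1].lower()


def behavior_hits(events, window=10, min_renames=5):
    """Behaviour model: a process that changes the extension of at least
    `min_renames` files within `window` seconds looks like an encryptor,
    whatever its hash. A sliding window over the sorted timestamps does it."""
    by_actor = defaultdict(list)
    for e in events:
        if e["op"] == "rename" and _ext(e["newpath"]) != _ext(e["path"]):
            by_actor[(e["host"], e["process"])].append(e["ts"])
    alerts = []
    for actor, stamps in by_actor.items():
        stamps.sort()
        for i in range(len(stamps) - min_renames + 1):
            if stamps[i + min_renames - 1] - stamps[i] <= window:
                alerts.append(actor)
                break
    return sorted(alerts)


def ransom_note_hits(events, names=RANSOM_NOTE_NAMES):
    """Secondary behavioural indicator: a process dropping a known ransom-note filename."""
    return sorted({(e["host"], e["process"]) for e in events
                   if e["op"] == "write" and ntpath.basename(e["path"]).lower() in names})


def triage(text=SAMPLE_LOG):
    """Run all three models and report which actors each one would flag."""
    events = parse_events(text)
    return {
        "signature": signature_hits(events),
        "behavior": behavior_hits(events),
        "ransom_note": ransom_note_hits(events),
    }


if __name__ == "__main__":
    for model, actors in triage().items():
        print(f"{model:12s} -> {actors}")
```

The signature model only catches badmacro.exe on ws01, whose hash is on the feed; the encryptor on ws02 is invisible to it and is caught only by the rename-burst rule and the ransom-note write. Against a real feed the thresholds need tuning (backup agents and archivers also rename many files quickly), and the alert should be wired to automatic quarantine of the offending process rather than to a log line.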

Four Steps to Cyberattack Recovery
Setbacks are bound to happen regardless of how well prepared an organization is. Organizations must know what to do when one occurs, and their proactive prevention strategy plays a big role in how well and how quickly they recover from an attack.

Step 1: Inform the IT Team and/or Managed Service Provider (MSP)
If someone identifies an intrusion, it is time to enlist the experts. Downtime costs are up 200% year-over-year, and the cost of downtime is 23 times greater than the average ransom. When the stakes are that high, it is important to leave resolving the situation to the individuals responsible for keeping the business, its data, and its customers safe.

Step 2: Isolate and Identify the Infection
Once the experts are notified, their first job is to contain the infection so it cannot spread: take the infected computer off the network or, at a minimum, block all network access except the ports needed for recovery and cleanup. Identifying the malware strain matters too, because it tells the team how severe the situation is and how best to recover fully; some strains also delete shadow copies or encrypt reachable shares and backups, which widens the scope of the containment.

Step 3: Determine the Source of the Infection
After the infection has been isolated, the source of the infection must be identified. Was the ransomware introduced through email, an exposed external port, stolen credentials, web browsing, or something else? Knowing the root cause lets the security team strip the malware completely, close the vulnerability (or reset the account) that was used, and stop the same thing from happening again.

Step 4: Lay All the Options on the Table
The findings of the previous steps inform the organization of its options and determine the next move. Should it rely on cyber insurance to mitigate the issue? Can it afford to pay (or not pay) the ransom to get the business back up and running in a timely manner, bearing in mind that payment does not guarantee a working decryptor? Or did the organization take the necessary proactive measures and implement a BCDR solution it can rely on? In 2019, 92% of MSPs surveyed found that their clients with BCDR solutions in place were less likely to experience significant downtime during a ransomware attack, and four out of five reported that victimized clients with BCDR in place recovered from the attack in 24 hours or less.
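To show what Steps 2 and 3 look like in practice, here is an added Python example (written for this page, not code from the article or from Datto). It walks an encrypting process back through its parent processes and uses that lineage, together with the session's logon record, to classify the initial access vector in the article's own categories (email, web browsing, stolen credentials). The process and logon records are constructed in a Sysmon/EDR style; the corporate address ranges, the application name sets, and the use of Windows logon type 10 (RemoteInteractive, i.e. RDP) are the assumptions it relies on.

```python
"""Process-lineage triage: trace an encryptor back to its origin.

Added example, not from the article or from Datto. Process and logon
records are constructed in a Sysmon/EDR style; the corporate address
ranges and the application name sets are assumptions.
"""
import ipaddress
import ntpath

# Constructed process-creation records (host, pid, ppid, image, user).
PROCESSES = [
    # ws02: mailed document -> macro -> PowerShell -> dropped encryptor
    {"host": "ws02", "pid": 400,  "ppid": 0,   "image": r"C:\Windows\explorer.exe", "user": r"CORP\bob"},
    {"host": "ws02", "pid": 812,  "ppid": 400, "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "user": r"CORP\bob"},
    {"host": "ws02", "pid": 913,  "ppid": 812, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "user": r"CORP\bob"},
    {"host": "ws02", "pid": 977,  "ppid": 913, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "user": r"CORP\bob"},
    {"host": "ws02", "pid": 1042, "ppid": 977, "image": r"C:\Users\bob\AppData\Local\Temp\updater.exe", "user": r"CORP\bob"},
    # ws03: an interactive RDP session ran the encryptor from a command prompt
    {"host": "ws03", "pid": 520,  "ppid": 0,   "image": r"C:\Windows\explorer.exe", "user": r"CORP\svc_backup"},
    {"host": "ws03", "pid": 611,  "ppid": 520, "image": r"C:\Windows\System32\cmd.exe", "user": r"CORP\svc_backup"},
    {"host": "ws03", "pid": 640,  "ppid": 611, "image": r"C:\Windows\Temp\locker.exe", "user": r"CORP\svc_backup"},
]

# Constructed Windows 4624-style logons; logon type 10 = RemoteInteractive (RDP).
LOGONS = [
    {"host": "ws02", "user": r"CORP\bob",        "logon_type": 2,  "src_ip": "127.0.0.1"},
    {"host": "ws03", "user": r"CORP\svc_backup", "logon_type": 10, "src_ip": "203.0.113.45"},
]

CORP_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]  # assumed address space
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
RDP_LOGON = 10


def lineage(processes, host, pid):
    """Process chain root -> pid as lower-cased image basenames."""
    index = {(p["host"], p["pid"]): p for p in processes}
    chain, seen = [], set()
    while (host, pid) in index and pid not in seen:   # `seen` guards against pid reuse loops
        seen.add(pid)
        rec = index[(host, pid)]
        chain.append(ntpath.basename(rec["image"]).lower())
        pid = rec["ppid"]
    chain.reverse()
    return chain


def is_external(ip):
    """True when the address is neither loopback nor inside the assumed corporate ranges."""
    addr = ipaddress.ip_address(ip)
    return not addr.is_loopback and not any(addr in net for net in CORP_NETS)


def classify_vector(chain, host, user, logons):
    """Map a lineage plus the session's logon to the article's vector categories."""
    names = set(chain)
    if names & MAIL_CLIENTS:
        return "email"
    if names & BROWSERS:
        return "web browsing"
    for lg in logons:
        if (lg["host"], lg["user"], lg["logon_type"]) == (host, user, RDP_LOGON) and is_external(lg["src_ip"]):
            return f"stolen credentials (RDP from {lg['src_ip']})"
    return "unknown"


def investigate(host, pid, processes=PROCESSES, logons=LOGONS):
    """Step 3 in one call: lineage of the encryptor plus the vector it implies."""
    index = {(p["host"], p["pid"]): p for p in processes}
    user = index[(host, pid)]["user"]
    chain = lineage(processes, host, pid)
    return {"host": host, "user": user, "chain": chain,
            "vector": classify_vector(chain, host, user, logons)}


if __name__ == "__main__":
    for host, pid in (("ws02", 1042), ("ws03", 640)):
        r = investigate(host, pid)
        print(f"{host}: {' -> '.join(r['chain'])}\n  user={r['user']} vector={r['vector']}")
```

The two verdicts lead to different Step 4 actions: the ws02 chain points at a phishing email, so the fix is the attachment filtering and training from Exercise 1; the ws03 chain shows a service account logging in over RDP from outside the corporate ranges, so the account's credentials must be reset and the exposed remote-access port closed or put behind 2FA before any restore, or the attacker simply walks back in.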

Businesses need to take ransomware very seriously and prioritize a proactive strategy to fight off attackers. As stated earlier, setbacks are bound to happen, but they don't need to be crippling. As long as an organization is committed to a strong cyber-fitness program, it can ensure a solid baseline that positions itself well for eluding attackers and recovering more quickly should the worst occur.


As Chief Information Security Officer (CISO), Ryan Weeks is responsible for directing and managing Datto's Information Security program. Ryan spent 11 years securing enterprise applications, systems, and sensitive customer financial data at FactSet Research Systems, where he ...