Dark Reading is part of the Informa Tech Division of Informa PLC


Risk

2/18/2020 02:00 PM
Ryan Weeks
Commentary

Cyber Fitness Takes More Than a Gym Membership & a Crash Diet

Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.

Every year, millions of people make New Year's resolutions to "get healthy." Sadly, studies show that less than 25% of them actually stay committed to their resolutions past the end of January, and only 8% completely see them through. The reason is that crash diets and costly gym memberships are merely tactics, not long-term strategies. (It's February. How are you doing with your resolutions?) The same is true for cyber fitness. Resolving to be more secure is worlds apart from actually making it happen.

Corporate spending on enterprise security increases every year in an attempt to prevent the next big breach, yet 2019 was record-breaking for breaches. This year, businesses of all sizes must avoid the crash-diet approach and make cybersecurity their top priority, moving away from the temptation of addressing individual problems with Band-Aids, and instead, move toward attaining long-term cyber fitness.

A Short and Effective Cyber Fitness Program
Traditional cybersecurity solutions, such as antivirus and email spam filters, are no match for motivated cyber attackers. Reducing the risk of a successful cyberattack requires a multilayered approach: antivirus solutions plus the implementation of a total data protection strategy, in order to maintain system health and improve online security.

● Exercise 1: Employee Education
Employees are the first line of defense against cyberattacks. Today, companies must provide regular and mandatory cybersecurity training to ensure all employees are able to spot and avoid a potential phishing scam in their inbox. In 2019, phishing emails were the leading cause of successful attacks along with lack of cybersecurity training, weak passwords, and poor user practices.

● Exercise 2: A Multilayered Approach
In addition to education, endpoint security technology, perimeter protection, and patch management are essential to build and maintain cyber fitness. If an employee does fall victim to a phishing scam, anti-malware protections are necessary to prevent a widespread infection. Antivirus is critical but not bulletproof, as new strains of ransomware are being created faster than ever. This is why a good endpoint security strategy may layer traditional antivirus with advanced endpoint security technology that looks for odd behaviors, not only what is already known to be bad. It is imperative that organizations understand where vulnerabilities lie within their networks and develop a total data protection plan.

● Exercise 3: Total Data Protection
As employees become educated and antimalware solutions are implemented, organizations need to do their part by implementing the most up-to-date situational awareness and vulnerability intelligence to identify and patch potential vulnerabilities through consistent monitoring. Two-factor authentication (2FA) across all technology solutions is one of the most effective controls to reduce the likelihood of a successful attack. Again, strong endpoint security can help prevent and quarantine ransomware before the malware can fully execute.

● Exercise 4: A Continuity Strategy
Organizations should invest in and activate a business continuity and disaster recovery (BCDR) solution if an attacker gets through. Businesses should focus on how to restore and maintain operations in the midst of a ransomware attack. A solid, fast, and reliable BCDR solution is a critical part of a successful cyber-fitness program.

Four Steps to Cyberattack Recovery
Setbacks are bound to happen, regardless of how well prepared an organization is. It's important that organizations understand what to do should they occur and note that an organization's proactive prevention strategy plays a big role in how well and how quickly it can recover from an attack.

Step 1: Inform the IT Team and/or Managed Service Provider (MSP)
If someone identifies an intrusion, it is time to enlist the experts. Downtime costs are up 200% year-over-year, and the cost of downtime is 23 times greater than the average ransom. When the stakes are that high, it is important to leave resolving the situation to the individuals responsible for keeping the business, its data, and its customers safe.

Step 2: Isolate and Identify the Infection
Once experts are notified of the incident, their first step should be to isolate the infection to prevent further spreading. To do this, they will need to remove the infected computer from the network, or at a minimum restrict access to all ports except those that are essential to recovery and cleanup of the threat. It is also important to identify the strain of malware the organization is dealing with to best understand the severity of the issue at hand and how to best recover fully.
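The port restriction described in this step, as an added example that is not part of the original article: a POSIX shell function that emits a host-isolation iptables ruleset for a compromised Linux endpoint. It assumes (the article names no platform or tooling) that iptables is the firewall in use and that a single recovery host reaches the machine over SSH on 22/tcp. The function only prints the commands so the responder can review them before running them as root; logging the dropped traffic preserves evidence of what the host is still trying to reach, which feeds Step 3.

```shell
#!/bin/sh
# Added example, not from the Dark Reading article.
# Assumptions: Linux host, iptables present, one recovery host allowed in
# over SSH. The function PRINTS the ruleset; it does not apply it.

# isolation_rules RECOVERY_IP [RECOVERY_PORT]
#   RECOVERY_IP   address of the IR jump host (hypothetical value in tests)
#   RECOVERY_PORT TCP port the jump host uses (default 22)
isolation_rules() {
    recovery_ip="$1"
    recovery_port="${2:-22}"
    if [ -z "$recovery_ip" ]; then
        echo "usage: isolation_rules RECOVERY_IP [RECOVERY_PORT]" >&2
        return 1
    fi
    cat <<EOF
# Flush existing rules so nothing pre-existing keeps a path open
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# Default deny in every direction: the host can neither spread nor beacon out
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Loopback stays up so local tooling keeps working
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Only the recovery host, only on the recovery port
iptables -A INPUT  -p tcp -s $recovery_ip --dport $recovery_port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d $recovery_ip --sport $recovery_port -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Log (rate-limited) whatever the host still attempts: evidence for Step 3
iptables -A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "QUARANTINE-OUT: "
iptables -A INPUT  -m limit --limit 10/min -j LOG --log-prefix "QUARANTINE-IN: "
EOF
}

# Sanity check on the generated ruleset: all three chains default to DROP.
# Returns 0 when the policy lines are present, 1 otherwise.
rules_default_deny() {
    n=$(isolation_rules "$1" "$2" | grep -c '^iptables -P [A-Z]* DROP')
    [ "$n" -eq 3 ]
}

# Typical use on the isolated host (run as root after reviewing the output):
#   isolation_rules 10.0.0.5 | sh
```

Applying the rules does not replace pulling the machine off the network where that is possible; it is the "at a minimum" option from the step above, and it leaves the responder a single, logged path onto the box for collection and cleanup.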

Step 3: Determine the Source of the Infection
After the infection has been isolated, it is important that the source of the infection be identified. Was the ransomware implanted through email, external ports, stolen credentials, web browsing, etc.? Determining the root source of the infection better enables the security team to completely strip the malware from the system and ensure that the vulnerability is addressed, preventing the same situation from happening again.

Step 4: Lay All the Options on the Table
The findings of the previous steps will help inform the organization of its options and determine what the next move is. Should it rely on cyber insurance to mitigate the issue? Can it afford to pay (or not pay) the ransom to get the business back up and running in a timely manner? Or, did the organization take all the necessary proactive measures and implement a BCDR solution that it can rely on? In 2019, 92% of MSPs surveyed found that their clients with BCDR solutions in place were less likely to experience significant downtime during a ransomware attack and four out of five reported that victimized clients with BCDR in place recovered from the attack in 24 hours or less.

Businesses need to take ransomware very seriously and prioritize a proactive strategy to fight off attackers. As stated earlier, setbacks are bound to happen, but they don't need to be crippling. As long as an organization is committed to a strong cyber-fitness program, it can ensure a solid baseline that positions itself well for eluding attackers and recovering more quickly should the worst occur.


As Chief Information Security Officer (CISO), Ryan Weeks is responsible for directing and managing Datto's Information Security program. Ryan spent 11 years securing enterprise applications, systems, and sensitive customer financial data at FactSet Research Systems, where he ...