Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/18/2020
02:00 PM
Ryan Weeks
Ryan Weeks
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Cyber Fitness Takes More Than a Gym Membership & a Crash Diet

Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.

Every year, millions of people make New Year's resolutions to "get healthy." Sadly, studies show that less than 25% of them actually stay committed to their resolutions past the end of January, and only 8% completely see them through. The reason is that crash diets and costly gym memberships are merely tactics, not long-term strategies. (It's February. How are you doing with your resolutions?) The same is true for cyber fitness. Resolving to be more secure is worlds apart from actually making it happen.

Corporate spending on enterprise security increases every year in an attempt to prevent the next big breach, yet 2019 was record-breaking for breaches. This year, businesses of all sizes must avoid the crash-diet approach and make cybersecurity their top priority, moving away from the temptation of addressing individual problems with Band-Aids, and instead, move toward attaining long-term cyber fitness.

A Short and Effective Cyber Fitness Program
Traditional cybersecurity solutions, such as antivirus and email and spam filters, are no match for motivated cyber attackers. Reducing the risk of a successful cyberattack requires a multilayered approach that includes antivirus solutions plus the implementation of a total data protection strategy in order to maintain system health and improve online security.

● Exercise 1: Employee Education
Employees are the first line of defense against cyberattacks. Today, companies must provide regular and mandatory cybersecurity training to ensure all employees are able to spot and avoid a potential phishing scam in their inbox. In 2019, phishing emails were the leading cause of successful attacks along with lack of cybersecurity training, weak passwords, and poor user practices.

● Exercise 2: A Multilayered Approach
In addition to education, endpoint security technology, perimeter protection, and patch management are essential to build and maintain cyber fitness. If an employee does fall victim to a phishing scam, anti-malware protections are necessary to prevent a widespread infection. Antivirus is critical but not bulletproof, as new strains of ransomware are being created faster than ever. This is why a good endpoint security strategy may layer traditional antivirus with advanced endpoint security technology that looks for odd behaviors and not just that which is known to be bad. It is imperative that organizations understand where vulnerabilities lie within their networks and develop a total data protection plan.

● Exercise 3: Total Data Protection
As employees become educated and antimalware solutions are implemented, organizations need to do their part by implementing the most up-to-date situational awareness and vulnerability intelligence to identify and patch potential vulnerabilities through consistent monitoring. Two-factor authentication (2FA) across all technology solutions is one of the most effective controls to reduce the likelihood of a successful attack. Again, strong endpoint security can help prevent and quarantine ransomware before the malware can fully execute.

● Exercise 4: A Continuity Strategy
Organizations should invest in and activate a business continuity and disaster recovery (BCDR) solution if an attacker gets through. Businesses should focus on how to restore and maintain operations in the midst of a ransomware attack. A solid, fast, and reliable BCDR solution is a critical part of a successful cyber-fitness program.

Four Steps to Cyberattack Recovery
Setbacks are bound to happen, regardless of how well prepared an organization is. It's important that organizations understand what to do should they occur and note that an organization's proactive prevention strategy plays a big role in how well and how quickly it can recover from an attack.

Step 1: Inform the IT Team and/or Managed Service Provider (MSP)
If someone identifies an intrusion, it is time to enlist the experts. Downtime costs are up 200% year-over-year, and the cost of downtime is 23 times greater than the average ransom. When the stakes are that high, it is important to leave resolving the situation to the individuals responsible for keeping the business, its data, and its customers safe.

Step 2: Isolate and Identify the Infection
Once experts are notified of the incident, their first step should be to isolate the infection to prevent further spreading. To do this, they will need to remove the infected computer from the network, or at a minimum restrict access to all ports except those that are essential to recovery and cleanup of the threat. It is also important to identify the strain of malware the organization is dealing with to best understand the severity of the issue at hand and how to best recover fully.

Step 3: Determine the Source of the Infection
After the infection has been isolated, it is important that the source of the infection be identified. Was the ransomware implanted through email, external ports, stolen credentials, web browsing, etc.? Determining the root source of the infection better enables the security team to completely strip the malware from the system and ensure that the vulnerability is addressed, preventing the same situation from happening again.

Step 4: Lay All the Options on the Table
The findings of the previous steps will help inform the organization of its options and determine what the next move is. Should it rely on cyber insurance to mitigate the issue? Can it afford to pay (or not pay) the ransom to get the business back up and running in a timely manner? Or, did the organization take all the necessary proactive measures and implement a BCDR solution that it can rely on? In 2019, 92% of MSPs surveyed found that their clients with BCDR solutions in place were less likely to experience significant downtime during a ransomware attack and four out of five reported that victimized clients with BCDR in place recovered from the attack in 24 hours or less.

Businesses need to take ransomware very seriously and prioritize a proactive strategy to fight off attackers. As stated earlier, setbacks are bound to happen, but they don't need to be crippling. As long as an organization is committed to a strong cyber-fitness program, it can ensure a solid baseline that positions itself well for eluding attackers and recovering more quickly should the worst occur.

Related Content:

 

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "8 Things Users Do That Make Security Pros Miserable."

As Chief Information Security Officer (CISO), Ryan Weeks is responsible for directing and managing Datto's Information Security program. Ryan spent 11 years securing enterprise applications, systems, and sensitive customer financial data at FactSet Research Systems, where he ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11565
PUBLISHED: 2020-04-06
An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa.
CVE-2020-11558
PUBLISHED: 2020-04-05
An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_m...
CVE-2020-11547
PUBLISHED: 2020-04-05
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.
CVE-2020-11548
PUBLISHED: 2020-04-05
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed.
CVE-2020-11542
PUBLISHED: 2020-04-04
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.