Implementing the five actions described in this article can help reduce your organisation’s cyber risk and bolster its security defences, says Carey van Vlaanderen, CEO at ESET Southern Africa.
Securing the information systems that keep your organisation running is an ongoing endeavour that needs to evolve over time in response to trends in the threat landscape. As our IT systems grow in scale and complexity, new cyber risks arise. At the same time, threat actors have been growing in number, and their means, methods, and motivations are evolving.
ESET has identified five action items to reduce your cyber-risk and fine-tune your cybersecurity program, based on the trends identified by ESET security researchers in Cybersecurity Trends 2018:
- Review your ransomware response plan
- Check your power supply
- Map data for better security and compliance
- Update server protection
- Push IT security training wider and deeper
1. Review your ransomware response plan
Ransomware is not likely to recede in 2018. Maliciously encrypting someone’s files so they cannot use them is proving to be a popular attack. ESET anticipates a continued growth of ransomware in three main categories: broad attacks, targeted attacks, and destructive attacks. While attacks in the first two categories typically involve a good faith offer to provide the victim with a key to unlock their files in return for payment, attackers in the final category have no intention of providing a key.
While a properly deployed and appropriately managed endpoint protection product offers a strong defence against all three forms of attack, there is always a chance that the bad guys will find a gap in your defences – like a forgotten server that IT never knew about, or an employee who just won’t stop clicking in all the wrong places.
That is why every organisation needs to have a ransomware response plan in place. This plan tells everyone in the organisation what they need to do if there is a ransomware attack, from the first sign of compromise to the technical escalation process, management notifications, PR handling, and so on.
If there is one thing worse than being hit with a ransomware attack, it is not being ready to respond to a ransomware attack. Consider this your number one cybersecurity action item for 2018.
2. Check your power supply
The second action item concerns the supply of electricity that makes all of this digital technology work. What steps has your organization taken to continue operating in the event of a power outage? Do employees know what to do when the power goes out? Is there an office-wide backup power generator? How quickly does it kick in? While your organisation may have the answers to these questions, do you know where they are documented?
Remember, availability is one of the three pillars of cybersecurity (the other two being confidentiality and integrity). If your systems don’t have power they are not going to provide availability.
3. Map data for better security and compliance
The third action item arises from changes in the world of data privacy that were highlighted in the 2018 Trends. It is more important than ever for your organisation to know what data it is handling, along with why, where, and how. In other words, you need to carry out what is variously called a data inventory, a data audit, or data flow mapping. The idea is to make sure that all the uses of data by the organization are documented so that they can be appropriately protected and data privacy compliance requirements are met.
A thorough data inventory and mapping project will uncover data of which the organization was not appropriately aware. The classic case is a marketing database that was created for a project that ended but was never properly retired. Sadly, ESET has seen breach after breach where hackers found servers “outside the fold” and weakly protected.
4. Update server protection
Your data “audit” should produce a catalogue of all of the organization’s servers that are processing or storing vital data. This provides input for the fourth action item: updating server protection. We saw attacks on internet-accessible servers increase in 2017 and we expect this trend to continue in 2018. Classic attacks include brute-forcing credentials for Remote Desktop Protocol (RDP) access, then turning off endpoint protection and encrypting the server contents for ransom.
In some cases, server attacks are almost too easy, like typing “admin” for the user name and password (which worked against an Equifax server in Argentina last year, an incident overshadowed by the company’s larger 143 million record breach due to delayed patching of a widely-reported server code vulnerability). So now is the time to check how well your servers are protected against outsider attacks.
Here are four key questions to ask about each server:
1. Is access to this server protected by two-factor authentication?
2. Is this server running properly configured and appropriately managed endpoint protection (which would prevent unauthorized attempts to turn off protection)?
3. Is data on this server appropriately encrypted?
4. Is the server regularly backed up with archives stored off-site and off-line?
These days you need to be able to answer “yes” to all four questions, with no exceptions.
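The RDP attack sequence described above (repeated credential guesses, a successful logon, then endpoint protection being switched off) leaves a recognisable trail in Windows event logs. The following is an added example, not part of the original article or any ESET tooling; the log layout, host names and the service name `ExampleEndpointAgent` are constructed for illustration, while 4625, 4624 and 7036 are the Windows event IDs for a failed logon, a successful logon and a service state change.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified form: time, host, event ID, source IP, detail.
# 4625 = failed logon, 4624 = successful logon, 7036 = service state change.
SAMPLE_LOG = """\
2018-01-15T02:10:01 SRV-DB01 4625 203.0.113.7 user=admin
2018-01-15T02:10:03 SRV-DB01 4625 203.0.113.7 user=admin
2018-01-15T02:10:05 SRV-DB01 4625 203.0.113.7 user=administrator
2018-01-15T02:10:08 SRV-DB01 4625 203.0.113.7 user=backup
2018-01-15T02:10:11 SRV-DB01 4625 203.0.113.7 user=admin
2018-01-15T02:10:14 SRV-DB01 4624 203.0.113.7 user=admin
2018-01-15T02:14:30 SRV-DB01 7036 - service=ExampleEndpointAgent state=stopped
2018-01-15T09:00:02 SRV-WEB02 4625 198.51.100.20 user=jsmith
2018-01-15T09:00:40 SRV-WEB02 4624 198.51.100.20 user=jsmith
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, host, event_id, src, detail = line.split(" ", 4)
        yield datetime.fromisoformat(ts), host, int(event_id), src, detail

def find_compromises(log, threshold=5, window=timedelta(minutes=10),
                     agent="ExampleEndpointAgent"):
    failures = defaultdict(list)   # (host, source IP) -> failed-logon times
    breached = {}                  # host -> time of the suspicious logon
    findings = []
    for ts, host, event_id, src, detail in parse(log):
        key = (host, src)
        if event_id == 4625:
            failures[key].append(ts)
        elif event_id == 4624:
            recent = [t for t in failures[key] if ts - t <= window]
            if len(recent) >= threshold:
                breached[host] = ts
                findings.append({"host": host, "source": src,
                                 "failed": len(recent), "protection_stopped": False})
        elif event_id == 7036 and agent in detail and "state=stopped" in detail:
            # Protection stopped shortly after a brute-forced logon on this host
            if host in breached and ts - breached[host] <= window:
                for f in findings:
                    if f["host"] == host:
                        f["protection_stopped"] = True
    return findings

if __name__ == "__main__":
    for finding in find_compromises(SAMPLE_LOG):
        print(finding)
```

A single mistyped password followed by a successful logon, as on the constructed host `SRV-WEB02`, stays below the threshold and is not reported.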
5. Push security training wider and deeper
The fifth and final action item stems from two 2018 trends that concern ESET researchers: continued growth of criminally malicious hacking and something you might call socially-malicious hacking, like efforts to disrupt elections and other pillars of civil society. Both trends remind us that information security is a society-wide problem. Smart organizations know that “security is everyone’s responsibility.” One clear implication of this reality is that everyone in your organisation needs security awareness training.
Any sizable organisation also needs training that is tailored to its specific needs and policies, as well as to specific roles within the company.