WannaCry: An eye opener?

The latest cyberattack got a lot of media coverage, and it has absolutely increased overall security awareness as a result. This ransomware spread incredibly fast and went unnoticed, with more than 200,000 infections in over 100 countries. How could these attacks have been prevented, and what basic security rules could be applied to help in the future?

The latest attack taught us that there are a lot of networks with vulnerable devices. The attack used techniques that had been known in the market since March. Microsoft releasing a patch at that time did not help either: apparently, many organizations did not patch their systems or were still using older Microsoft operating systems, such as Windows XP or Windows Server 2003. Last weekend Microsoft released patches for these operating systems as well, although they were no longer supported.

Finding the right balance

One of my favorite quotes is “finding the right balance” because it can be applied to security. Sometimes, it is finding the right balance between budget and risk, flexibility and security, and service windows and productivity.

When we talk about security, it always comes down to people, processes, and technology, but also to prevent, detect, and respond. At SecureLink, we deliver technical solutions, either as a project or as a Managed Service. With our recently introduced Security Maturity Assessment tool, we can also gain insight into people and processes and advise our customers.

Many companies have neither the resources nor the knowledge to manage the different security components themselves. That is why we are seeing our Managed Security Services come into demand in the market. Our security specialists can help you monitor your environment 24×7 from our Cyber Defense Centers.

A lot of companies are putting a lot of effort and money into preventing attacks; however, we do see that detection and response should also be monitored. It's not uncommon for a hacker to remain undetected on a network for months. Thus, it is very important to have the necessary detection tools and proper response plans. That was not the case in what we saw last weekend, but figures from the latest FireEye report show that the average detection time in 2016 was 99 days.

Do not forget the basics

Last weekend's attack was largely due to a vulnerability in the Microsoft OS for which a patch was already available. This has provoked many judgments and reactions saying 'you should have a patch process in place for your business'. I completely agree with these remarks, but we should be realistic, since it is not that simple for larger organisations. Again, it is about finding the balance between the risk of installing a patch and the risk that the vulnerability will be exploited. What we have also seen, especially where healthcare embedded systems are used, is that the system is still based on Windows XP and is part of another solution, such as a scanner. These systems are not always managed by the internal IT team.

Basic security rules are:

  • Segment your network; in particular, systems that use embedded systems should be on a separate network
  • Use modern anti-malware solutions on endpoints. In today's environment, the endpoint itself is becoming more and more important, mainly due to mobility. A traditional signature-based solution is not enough anymore
  • Make sure you have (tested!) backups of critical resources
  • Keep your systems up to date
  • Not applicable to what recently happened, but it is important that you use multi-factor authentication when you log on to cloud applications
  • Use modern security gateways on your perimeter and apply the necessary protection for incoming e-mail

Managed services

Being on top of the trends in cybersecurity is, of course, not always easy; finding skilled people is even more difficult. We provide Managed Security Services and help our customers monitor their (security) infrastructure. This ranges from monitoring security devices, through detecting breaches based on all the logs and on behavioral analysis of network and/or user behavior, up to a complete incident response service.

We also offer Secureprotect Endpoint within our Managed Security Service portfolio. Based on a modern solution, we can offer endpoint protection as a service in a pay-per-use model with monthly billing. This offering protects you from ransomware like this.

For more information on this article or our managed services offering, please contact your local sales representative.

Frank Staut

CTO, SecureLink Group

May 17th, 2017