- Posted by tid_support
- On 21 July 2017
- cyber threats, cyber warfare, firewall, monitoring, NotPetya, Petya, ransomware, WannaCry
Cyber security: An ever-evolving threat landscape that is only just beginning to take shape.
Not long ago, endpoint security was all about viruses and email worms. In hindsight, those were the happy days. Few threats from yesteryear were financially motivated, with the exception of industrial espionage. Today businesses face a significantly more comprehensive and sinister threat in the form of ransomware. Ransomware encrypts files or blocks access to systems and demands that a fee be paid to recover access. Paying the fee is never recommended, as the trustworthiness of a cyber-criminal ransoming your data is probably questionable. Some ransomware attacks do not come from commercial pirates but are actually a form of cyber warfare waged by governments against the systems of enemy states. These wargames are indiscriminate, and business systems are often affected too. The latest WannaCry, Petya, NotPetya and Goldeneye attack waves are examples of this type of warfare. Even though there is a demand for payment, the demand is often fake and nothing more than an attempt to hide the true purpose of the threat.
Securing your environment is as important as connecting it to the outside world. From the smallest one-man operation all the way through to the multinational conglomerate, all are equally vulnerable. Unlike industrial espionage, these cyber threats do not single out the wealthiest or most successful operations. They are automated, run on hijacked equipment and are opportunistic in nature.
Every endpoint, or device, in your business is vulnerable and must be secured as far as is practically possible. This includes not only user computers, servers, firewalls and the like, but also smartphones, printers, switches, IP cameras and every other device physically connected to the corporate network.
The secure endpoint
A secure endpoint is achievable with some effort and knowledge. The fundamentals are simple enough; all it takes is a consistent methodology to ensure that they are completed religiously. While there is no such thing as a 100% secure endpoint while it is running, a comprehensively secured endpoint is within reach for most devices. User awareness also plays a key role, as user actions more often than not are what introduce vulnerabilities on their devices.
Secure endpoints have the following in common. They are:
Up to date with security patches
All devices must be patched with at least the operating system security updates. Microsoft releases security updates every week. These updates are critical and must be applied to every Windows computer in the organization. Unpatched machines are the most vulnerable, and even advanced security suites and third-party products will not effectively protect an unpatched endpoint.
Knowing the patch level and patch status of each endpoint is crucial for anyone responsible for the security management of business systems.
Up to date security suite
All devices must have a comprehensive security suite configured and running. Such suites protect devices against viruses, worms and other traditional threats. Keeping their definitions up to date is critical too: a security suite that is not current is not effective against traditional security threats and will leave the endpoint exposed.
Knowing the patch level of every device in the business simplifies security management and highlights any devices that are non-compliant or may be vulnerable.
Up to date ransomware protection
Ransomware operates differently from viruses and other traditional cyber threats. It normally uses legitimate systems and processes on the computer to take ownership of the device. As a result, traditional security suites do not detect these threats until after they have struck. Specialized ransomware security products are now available that are effective in protecting systems against ransomware attacks, and they are able to co-exist with other security suites on the endpoint.
Monitor the status of each device and take prompt action when necessary. Do not count on the user to take action or to notify you. Implement a system that notifies you of issues, either via email or via a dashboard. Spending money and effort on security measures without the ability to monitor their health in real time is probably not worth the effort.
Up to date perimeter firewall with ransomware protection
The corporate network needs to be protected at the perimeter, that is, where the corporate network ends and the internet starts. A firewall offers this protection. This is not the Windows firewall on the user's computer but a device installed between the cable from the ISP and the corporate network. It intercepts all traffic entering and leaving the network and offers protection against a wide range of cyber threats. Some firewalls now include functionality that also protects against ransomware by inspecting downloads in a sandbox before allowing them through onto the network and the user's device.
Firewalls are vulnerable too and require ongoing patching to stay secure as vulnerabilities are identified and addressed. It is not the case that, once installed, a firewall provides ongoing protection without maintenance. Firewalls are also computers and, as we have seen, every computer is vulnerable. Keeping your firewall secure is crucial to keeping the remainder of your business assets secure.
Know when threats are detected and where they are heading. Keep your perimeter protection healthy and effective through monitoring and regular maintenance. Best practices evolve constantly and require a finger on the pulse.
If your endpoint is going to be a data or document repository, it must be backed up. Backups are the most fundamental tool in the battle against cyber-crime. While backups are completely ineffective against data theft, they remain effective against data loss. Servers in particular need to be backed up frequently, but user devices may need backing up too, depending on the nature of your users, business and environment. Mobile users often carry information on their mobile computers that is not yet present on the corporate network, and in such cases their devices may need to be backed up too.
Backups are not something you would implement instead of the other items, though. Instead, implement all of them as part of your corporate security tactics.
Knowing which systems are backed up, when they were last backed up and why any of them were not is vital. Configuring backups and assuming that they are running successfully is a very common yet dangerous assumption. Monitor backup logs frequently to ensure that the backups are running, and do test restores from time to time to verify the integrity of those backups. It is far preferable to learn that a backup set is un-restorable before you need to restore it, as that gives you the opportunity to address the issue while you still can.
Each of these steps is important. Collectively they form a mesh of practices that will help protect your business information against cyber-attack in the form of ransomware and traditional virus threats. Making sure that each of these areas is working as expected should be another priority for the person responsible for securing corporate digital assets.
Automation is the most efficient form of monitoring. Verifying the status of individual devices by hand is not only time consuming but also disruptive to the users operating those devices. Look for services that monitor these statuses and report anomalies as they develop. This gives the party responsible for security the opportunity to operate confidently and with the capacity to manage the environment proactively.
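The kind of automated check the monitoring, patch-status and backup-verification paragraphs above describe, written as an added example (not the article's or The IT Department's own tooling): each device in a constructed inventory is scored against the article's controls, and only the non-compliant ones are reported, the way a dashboard or email alert would surface them. The age thresholds, field names and device records are all assumptions chosen for illustration.

```python
# Endpoint hygiene compliance report (added example, not from the original post).
# Age thresholds below are assumptions chosen for illustration.
from dataclasses import dataclass
from datetime import date
TODAY = date(2017, 7, 21)   # constructed reference date (the post's date)
MAX_PATCH_AGE = 30          # days since last OS security patch
MAX_DEFINITION_AGE = 3      # days since last security-suite definition update
MAX_BACKUP_AGE = 1          # days since last successful backup
MAX_RESTORE_TEST_AGE = 90   # days since last verified test restore

@dataclass
class Device:
    name: str
    kind: str                                        # workstation, server, firewall, camera, ...
    last_security_patch: date
    last_definition_update: "date | None" = None     # None: no security suite installed
    ransomware_protection: bool = False
    holds_data: bool = False                         # document repository -> must be backed up
    last_backup: "date | None" = None
    last_test_restore: "date | None" = None          # None: backups never test-restored

def stale(d, limit, today):  # True when the date is missing or more than `limit` days old
    return d is None or (today - d).days > limit

def check_device(dev, today=TODAY):
    """Return the reasons a device is non-compliant (empty list means compliant)."""
    issues = []
    if stale(dev.last_security_patch, MAX_PATCH_AGE, today):
        issues.append("security patches older than %d days" % MAX_PATCH_AGE)
    if dev.kind in ("workstation", "server"):        # hosts expected to run a security suite
        if stale(dev.last_definition_update, MAX_DEFINITION_AGE, today):
            issues.append("security suite missing or definitions out of date")
        if not dev.ransomware_protection:
            issues.append("no ransomware protection")
    if dev.holds_data:
        if stale(dev.last_backup, MAX_BACKUP_AGE, today):
            issues.append("no backup within %d day(s)" % MAX_BACKUP_AGE)
        if stale(dev.last_test_restore, MAX_RESTORE_TEST_AGE, today):
            issues.append("no test restore within %d days" % MAX_RESTORE_TEST_AGE)
    return issues

def compliance_report(devices, today=TODAY):  # non-compliant devices -> reasons
    return {d.name: r for d in devices for r in [check_device(d, today)] if r}

INVENTORY = [  # constructed sample inventory
    Device("FS01", "server", date(2017, 7, 12), date(2017, 7, 21), True, True, date(2017, 7, 20), date(2017, 6, 1)),
    Device("PC-SALES03", "workstation", date(2017, 4, 2), date(2017, 7, 21), False),
    Device("LAPTOP-MD", "workstation", date(2017, 7, 12), date(2017, 7, 19), True, True, date(2017, 7, 10)),
    Device("FW-EDGE", "firewall", date(2016, 11, 5)),
]
```

Running `compliance_report(INVENTORY)` flags the unpatched workstation without ransomware protection, the mobile user's laptop whose backups are overdue and never test-restored, and the long-unpatched firewall, while the fully maintained file server is omitted.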
The IT Department (PTY) LTD (http://theitdepartment.co.za) offers a comprehensive suite of services that will assist you with your IT Security practices, from advisory to monitoring to operational execution. Contact us today on 0860 48 28 58 to find out how we can help your business keep its digital assets secure.
Mornay Durant – July 2017