Even as an international manhunt gets underway to find the perpetrators behind the WannaCry ransomware that hit hundreds of thousands of computers across 150 countries, experts and security researchers are warning of new strains of attacks like Adylkuzz that are even more stealthy and potent.
The European Cybercrime Centre (EC3) at Europol has been working closely with cybercrime units in affected countries and industry partners to mitigate threats. It also helps victims to regain access to their encrypted files or locked systems through a repository of keys and tools for a range of ransomware. Still, in most cases of machines already compromised by new ransomware and emerging variations, little can be done to recover the encrypted data.
Gartner offers three suggestions in response to an attack.
Focus on root causes. Seek upgrade paths or patches from vendors for all software and systems, including embedded systems, that are vulnerable to malware.
Isolate vulnerable systems, including those not affected by malware. Limiting network connectivity to these systems and turning off vulnerable services like network file sharing is a useful temporary fix.
Ensure malware detection is updated and intrusion detection systems are operating and examining traffic.
Beyond these suggestions, your organization will inevitably want to learn from the known security incidents and try to be better prepared and more vigilant in preventing and mitigating future threats. Consider nurturing a proactive, risk-aware culture in your company; the journey to robust cyber defense could be simpler than you think.
Educate and communicate
Apart from rethinking security architecture and bolstering your cyber defenses with the most appropriate technologies and tools, your organization would presumably be measuring the effectiveness of established security policies and controls while also educating end users on their roles and responsibilities in maintaining a secure environment. A majority of sophisticated attacks could have been prevented through simple controls.
The state of company culture regarding security is a good focal point in cyber risk conversations between security professionals and top managers. “A recent survey revealed that 66% of fired IT professionals were terminated for reasons of security or compliance failures,” stressed Ray Pompon, principal threat research evangelist at F5 Networks, and Sara Boddy, F5 Labs lead. “So, we need to make sure leadership understands the relevant security issues and can help mitigate them. To do this, you simply prioritize and make things quantifiable. Prioritizing means you focus on the top cyber risks and provide just the information the board really needs to know.”
What top management needs to understand from IT and security professionals are the risks associated with the business and the security controls that make sense for the company. This means more emphasis on risk assessment as part of your security program and on how it can help prioritize the necessary actions to reduce the likelihood and impact of threats and vulnerabilities. “A risk assessment must also be read and used to manage the risk it identifies,” advised Pompon. “Acting on a risk assessment also means verifying that the risk was reduced by an active risk management process.”
For example, an effective incident response plan that encompasses technical, forensic, legal, and public relations support may translate to low impact on company reputation and future revenue after an attack. Hence, security budgets must also be aligned with the associated funds and resources required to mitigate the risks identified.
Discuss cyber insurance
Without purposeful risk assessment, addressing an integral part of security strategy – cyber insurance – becomes much harder. To avoid being underinsured or overinsured, you need to determine the level of risk your company is comfortable with and how resilient the business can be when a data breach or denial of service occurs.
Knowledge of the possible impacts and costs of a breach to the business allows you to match them to the appropriate cyber insurance policies. “Having legal help from someone with deep expertise in this area is a prudent investment before purchasing,” advised Pompon and Boddy. “Whatever cyber insurance policies you purchase, make sure to read the fine print very carefully rather than assuming a policy provides the right coverage.”
A security breach, experts say, may not be a matter of ‘if’ but ‘when’. Yet, such an incident need not end in tears if the organization stays safe and smart.
This is a QuestexAsia blog post commissioned by F5 Networks Asia Pacific.