Global, large-scale attacks are exposing millions of accounts, holding confidential information hostage and costing companies billions. The situation is expected to get worse, making it even more difficult for cybersecurity professionals to protect data and secure networks from attackers.
In 2017, several massive attacks revealed new vulnerabilities, new cyber attack methods and a dramatic increase in ransomware – an attack that holds files hostage until a ransom is paid. While cyber attacks and data breaches continue to evolve, there are lessons that can be learned to enhance cyber defense methods and strengthen security tools and processes.
Keep Systems Updated
When security patches are released, be sure to update all systems as soon as possible. According to cybersecurity firm Palmetto Technology Group, many of the companies affected by WannaCry in May 2017 were using Windows XP and/or Windows Server 2003, both of which are outdated operating systems. Just a few months prior to the attack, Microsoft released a security patch, but it did not apply to those outdated systems.
Companies need to monitor the lifespan of technology, keep all systems updated and upgrade systems when patches are no longer available.
Ensure Security Training is Effective
All computer users are at risk of becoming ground zero for the next big attack. In June 2017, NotPetya gained access to corporate networks by posing as an admin via a hijacked software update and via phishing emails, according to a 2017 article published by The Register.
According to a report on ransomware from Deloitte, phishing emails are the main delivery vehicle for ransomware. The highest click-through rates occur when emails contain the kind of content users expect to see in their everyday tasks.
Companies should invest in continuous, strong security awareness training that educates all employees about the content they receive via email and read on social media and other digital channels. Additionally, Deloitte suggests organizations occasionally test users to determine the effectiveness of training.
Provide Network Access to the Right People
A tiered identity and access management (IAM) system could have mitigated the massive hack of the Office of Personnel Management (OPM), which took place sometime between 2014 and 2015, according to a 2016 article published by The Business of Federal Technology.
After the hack was discovered and disclosed publicly, the Department of Homeland Security and the FBI made several key recommendations for OPM’s cyber infrastructure, including implementing identity management controls for administrators and two-factor authentication. It was also discovered that the hackers had used a third-party vendor to gain access to OPM.
Organizations need to regulate access to systems and networks based on individuals’ roles, creating policies and processes that ensure each person can access only the information their role requires.
Several recent cyber breaches have shown the world how tech-savvy hackers have become. As a result, organizations should have a security-rich company culture accompanied by a comprehensive plan to mitigate all risks.
Deloitte suggests that a comprehensive assessment include the following:
- Use of privileged accounts and access controls
- Content and whitelist filtering
- Security configuration of endpoints
- Use of threat-intelligence solutions
- Network segmentation and layered security
- Robust business continuity planning and exercising
- Crisis and incident response planning and exercising
- Testing the business resiliency, using targeted exercises such as “red teaming” and threat simulation
Back Up Critical Information
When files and systems are locked down, organizations may lose data. During the WannaCry attack, around 200,000 users in 150 countries were affected, causing hospitals, transportation systems and other critical systems to halt services. As Deloitte explains, backups remain the best protection against data loss, because even when a ransom is paid, there’s no guarantee all files will be restored to their original form.
Deloitte suggests that organizations implement enterprise endpoint backup for all laptops and workstations, and define recovery point objectives for each individual server.