[BreachExchange] Resolve to Mitigate Your Business' Digital Risk in 2018
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Dec 22 14:53:10 EST 2017
http://www.securityweek.com/resolve-mitigate-your-business-digital-risk-2018
As we look to the New Year many of us make resolutions – getting healthier,
learning a new skill, saving money, or making more time for family and
friends. With 2018 just around the corner, the challenge now is to stick to
that resolution and this is where many of us fail. Often the goal is too
broad, or we don’t have a plan for achieving it.
As security professionals we’re always resolved to look for ways to
mitigate digital risk to our business and 2018 is no different. The trick
to achieving this goal is to determine how to get the biggest return for
our efforts and develop an action plan. To do this, let’s start by
considering what the threat landscape will look like over the next 12
months and focus on two areas that will continue to present opportunities
for attackers.
Supply chain and third-party vulnerabilities. These types of attacks have
been common in 2017 and will continue to be a fruitful method for
cybercriminals in the next year. Of note, intrusions resulting from the
compromise of software suppliers have been the most frequently detected.
Software supply chain attacks reported in 2017 alone included the June
2017 NotPetya attacks, the ShadowPad backdoor that was distributed through
NetSarang software, the distribution of trojanized CCleaner software and
modification of the Windows event log viewer called EVlog. Suppliers are
attractive initial targets because they either have privileged access to
customer networks or provide regular software updates to customers. This
means compromised software versions (containing malware) will be
whitelisted or overlooked by customer security teams and systems.
Wormable malware. Some of the biggest cyber incidents in 2017 revolved
around the issue of self-replicating malware that can spread between
networks. WannaCry and NotPetya were examples of this. We've also seen the
Bad Rabbit ransomware that reportedly spreads via a combination of Windows
Management Instrumentation (WMI) and Server Message Block (SMB) protocol. A
wormable Trickbot banking trojan was also reported in July 2017. We can
expect malware modified with self-replicating capabilities to continue in
2018, particularly given the disruption caused by WannaCry and NotPetya,
which is inspiring similar attacks.
With these two types of threats likely to continue into 2018, here are five
concrete things you can do to focus your efforts and keep your resolution
to mitigate digital risk.
1. Hold suppliers to certain standards. Suppliers and third parties are
often seen as easier entry points for attackers, especially as many do not
have adequate security maturity levels. Define a supplier management policy
that classifies vendors and identifies appropriate controls based on access
granted to sensitive data and critical systems. Regularly audit and enforce
these security measures.
2. Apply privilege management measures. Suppliers are often given much
broader access to company networks than internal users are offered.
Instead, organizations should apply privilege management measures. For
example, separation of duties ensures no single individual can perform all
privileged actions for a system, and least privilege grants users only the
bare minimum level of access they need to perform their jobs.
3. Address vulnerabilities. Patching is an important part of your defense
strategy and failing to do so opens the door wide for adversaries. For
example, Microsoft has issued a patch that prevents the exploitation of the
SMB network service for lateral movement within target networks. In
addition, disabling unneeded legacy features will reduce the scope of work
and further mitigate risk.
4. Restrict communications. Network isolation, segmentation and limiting
communication between workstations can keep supply chain traffic separate
from other internal traffic. This approach can also prevent attacks, like
WannaCry and NotPetya, from propagating across networks to reach their
intended target.
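Items 3 and 4 above can both be checked and applied on a Windows workstation with the script below, an added example that is not part of the original article. It assumes a Windows 10 workstation and an elevated PowerShell session, and the workstation subnet 10.20.0.0/16 is a constructed placeholder.

```powershell
# Added example, not from the SecurityWeek article: audit a Windows workstation for
# the two SMB hardening steps above and, with -Remediate, apply them.
# Assumptions: Windows 10 client, elevated PowerShell session; the subnet below is a
# constructed placeholder and should be replaced with your own workstation range.
[CmdletBinding()]
param(
    [switch]$Remediate,
    [string]$WorkstationSubnet = '10.20.0.0/16'   # constructed placeholder
)

# --- Item 3: disable the legacy feature. SMBv1 is the protocol version the 2017
# worms abused for lateral movement; modern clients and servers do not need it.
$smb1Server  = (Get-SmbServerConfiguration).EnableSMB1Protocol
$smb1Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Write-Host ("SMB1 server protocol enabled : {0}" -f $smb1Server)
Write-Host ("SMB1Protocol feature state   : {0}" -f $smb1Feature.State)

if ($Remediate) {
    if ($smb1Server) {
        # Turn off SMBv1 on the server side without an interactive prompt.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($smb1Feature.State -eq 'Enabled') {
        # Remove the optional feature (client and server); a reboot completes removal.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

# --- Item 4: restrict workstation-to-workstation communication. A workstation rarely
# needs to accept SMB (TCP 445) from its peers, so block inbound SMB from the
# workstation subnet; a worm on one host then cannot reach the next one over SMB.
$ruleName = 'Block inbound SMB from peer workstations'
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
Write-Host ("Peer-SMB block rule present  : {0}" -f [bool]$rule)

if ($Remediate -and -not $rule) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 445 -RemoteAddress $WorkstationSubnet -Action Block `
        -Profile Domain,Private | Out-Null
}
```

Run without switches to audit only; add -Remediate to apply both changes, and schedule the reboot that finishes the SMB1Protocol feature removal.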
5. Understand and back up data. Categorize data based on its value to the
organization; networks can then be physically or logically separated for
different business functions. For critical data and systems, use
cloud-based or physical backups and verify their integrity. Ensure that
backups are remote from the main corporate network and from the machines
they are backing up.
Remember that cybercriminals will shift targets and evolve their tactics,
techniques and procedures (TTPs) throughout the year. Plan to proactively
monitor the open, deep and dark web for mentions of your company or
industry to know if you’re being targeted. Also monitor for suppliers’
names to uncover if threat actors have set their sights on key partners and
if such activity may put your organization at risk.
Whatever happens in 2018 and beyond, cybercrime will continue to be a
problem. We can improve our chances of sticking to our resolutions by
focusing our efforts in a few manageable areas. Even just one of these
activities can help you better manage your digital risk. And with
continuous monitoring, when something bad does happen, you will know
quickly and can deal with it more effectively.