[BreachExchange] Why some firms never fall victim to cyber-attacks - while their competitors do

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jun 13 20:02:51 EDT 2017


https://fora.ie/readme/how-to-protect-from-cyber-attacks-3436348-Jun2017/

The ransomware attack known as WannaCry first struck on a Friday last
month, and by the following Monday it had reached more than 200,000
computers in 150 countries.

Although we still don’t know all the details, it’s clear that some
organisations were victimised far more severely than others.

The news of this episode reinforces a view that we have promoted for a long
time: Effective protection against cyber-attacks has less to do with any
particular technological factor, and everything to do with proactive risk
management in general.

Like all ransomware, WannaCry damages companies in two ways. Firstly, it
costs the organisation to recover the documents that the algorithm has
encrypted.

Secondly, even if the ransom payment is small — and there’s no guarantee
that future ransomers will limit theirs, as was the case with the WannaCry
fee, to $300 in bitcoin — the costs of coping can be immense.

Our research found that most ransomware incidents resulted in hours of
downtime or networks taken offline for up to 10 days.

Moreover, the attackers still hold any proprietary data they picked up.
They can sell it or release it publicly, even after the targeted company
has paid a ransom.

We expect there will be more attacks because the techniques and exploits
used to distribute WannaCry were only recently leaked to the world in April
2017.

Similar documents were published by WikiLeaks in March 2017, and there will
probably be more such leaks, not just in the US and Europe, but in
countries around the world.

Every breach will empower independent actors with tools previously held
mainly by governments. Ransom, blackmail, surveillance, shutdown and data
manipulation are all more feasible than they were only a few months ago.

All organisations must now ask themselves the same question, regardless of
whether they were affected by WannaCry or not: How can we protect ourselves
from similar attacks in the future?

Here are five key factors that separate vulnerable companies from more
resilient enterprises:

1. Robust digital hygiene

The WannaCry event highlights the importance of vigilant IT management.

Microsoft released its patch for WannaCry’s Windows vulnerability in March
2017. Companies that promptly installed it were protected, while many of
the hardest-hit companies were using outdated operating systems and even
pirated software.

Robust hygiene also involves rigorous backup practices. For example, don’t
just back up your company’s data. Test the backups regularly. Secure them
so they are separate from your other systems or networks; otherwise, they
will be corrupted as well.

2. The ability to detect intrusions

Human error is still the most prevalent means of gaining access to
proprietary information.

Employees often unwittingly expose data to a cyber threat actor through a
fraudulent email or other socially engineered techniques, thereby giving
hackers access to passcodes or other means of entry.

Organisations with effective risk management practices rarely release
sensitive information to outsiders inadvertently.

They are particularly protective of administrative accounts and other
privileged information; they make it extremely difficult to obtain the kind
of data that would allow someone to take over a system.

They are also attuned to detection, learning to recognise the keystroke
behavior common to intruders and isolate it in real time.

The one thing they share openly is the data about the intruders they
detect; collaboration among security professionals from a wide range of
organisations is one of the best defenses against cybercrime.

3. Thoughtful design of IT infrastructure

Every company has its own most valuable information: critically important
intellectual property, proprietary customer-related data, financial data,
and other strategically valuable insights. These must be protected
differently from other information assets.

Design your systems accordingly. Pay particular attention to your
information supply chain: Which vendors, suppliers and partners have access
to your data, and what are they doing to secure it?

Rethink your authentication and security controls; for example, introduce
two-factor authentication, in which a password must be combined with
biometrics, tokens or some other factor.

4. Advance planning and rehearsal

In the same way that you have developed advance plans for floods, fires and
other emergencies, prepare for cyber-attacks before they occur.

The plans should specify how you will respond if there is an attack, and
who will be accountable for which aspect.

For example, who will head up the information chain that notifies customers
if their credit card information is stolen?

To prepare for ransomware attacks, set up a decision matrix. Who will
retrieve the information from a backup? Who will communicate with the data
kidnappers? Under what last-resort circumstances — for example, a threat to
life — might you be forced to pay the ransom?

Think through all of this in advance and rehearse your responses. If a
crisis does occur, you will already know what to do. Planning external
communications is also very important, and having immediate access to PR
(including social media), legal and IT forensics will be critical.

5. Early adoption of cloud technology

Cloud-based systems are updated easily and automatically in one location,
accumulate data in real time about attacks and intrusions, and incorporate
built-in constraints. This gives them an edge over systems that rely on
computers on the premises.

It may also be relatively difficult for intruders to exploit holes in
cloud-based architecture.

For example, in late April 2017, Google blocked a spear phishing attack (a
targeted email to get people to send compromising information); the
cloud-based aspects of Gmail software enabled it to rapidly identify and
isolate the intruding malware.

Of course, even if you have these five attributes in place, you cannot be
complacent. The most effective companies have focused on developing their
cybersecurity acumen.

New ways of approaching your computer systems will become a way of life.
When these activities have become ingrained in your company, then your
prowess at managing cyber risks becomes a strategic asset.