November 28, 2017
How to Immunize Against Cyber Attacks
by Tony Joseph
With cyber crime damage estimated to touch $6 trillion annually by 2021, the stakes have never been higher.
Cyber-attacks show no signs of abating. In fact, deadly threats such as ransomware and malware have now become mainstream. Enterprises have no option but to accept cyber-attacks as a fact of life. They need to make their systems immune to such attacks.
The State of Cyber Attacks
Cyber-attacks increase in magnitude and scale with every passing day. A case in point is the WannaCry ransomware, which wreaked havoc on more than 200,000 systems across 150 countries during May 2017. This attack, the largest ransomware delivery campaign to date, held up everything from surgical operations to public information display systems, and from government initiatives to corporate work. And WannaCry is just one example. More than 4,000 ransomware attacks have taken place since the start of 2016.
Ransomware damages will touch $5 billion by the end of 2017, a 15X increase from the damage levels just two years ago!
Data-encrypting ransomware such as WannaCry is socially engineered malware. The hackers trick unsuspecting victims in many ways into installing Trojan horse programs. They may:
- Compromise an otherwise trusted site on a temporary basis, to offer a malicious download link.
- Send a rogue friend request or application install request through mainstream social media.
The innovation of their attacks is matched only by the ingenuity of the ways in which they breach the network.
Close on the heels of socially engineered malware are password phishing attacks. A good proportion of the unsolicited emails try to pry out login credentials from gullible account holders. Despite the best anti-spam software, good phishing replicas of legitimate emails slip in. All it takes is a single careless employee for the hackers to breach the corporate network.
Cybersecurity has been fighting a losing battle against cyber attackers for many years now.
Traditional security approaches, such as firewalls and antivirus suites, are now inadequate to protect against the entire gamut of attacks. Many enterprises realize this fact and now invest heavily in security. Gartner estimates information security spending to exceed $86.4 billion in 2017. However, many enterprises go after the latest tools and technologies, while neglecting the basics.
Time-tested basic security hygiene is the foundation of any countermeasure against cyber threats. Some of the basics include:
- Installing advanced anti-malware suites
- Regularly patching and updating key software
- Regular data backups
- Controlled access to resources within the network
- An enterprise-wide whitelist of authorized apps and software
- Strong two-factor authentication (2FA), with smartcards, biometrics, or OTP through SMS
Another key component of basic security hygiene is training users on safe browsing. The ideal end-user education is ongoing. It covers the latest threats, and makes employees aware of what to do in the face of various eventualities.
However, all these basics serve only as a foundation on which to construct sound security architecture for the enterprise. These basics alone are no longer effective in keeping cyber criminals at bay.
Patch Management: Vital for online security
Socially engineered malware such as WannaCry spreads across the organizational network without user interaction. The malware exploits latent vulnerabilities in the operating system or application software. Browser add-on programs such as Adobe Reader are especially rife with vulnerabilities, and hackers exploit them at will. In WannaCry’s case, the malware exploited “EternalBlue,” a known Microsoft Windows vulnerability.
Software vendors and cyber criminals are locked in a never-ending battle. Cyber criminals are always looking to unearth some vulnerability. The “good guys” try to beat cyber criminals to the game, identifying vulnerabilities before cyber criminals discover them first. Either way, the software developer releases a patch as soon as the vulnerability becomes known.
But it is rare to find any enterprise with perfectly patched software. Enterprises often do not install patch updates even when one becomes available, owing to many reasons, such as:
- Operational constraints and exigencies
- Concerns about whether a newly patched version would contain some other bugs, rendering the system unstable
Continuous Monitoring: Around the clock website check-ins
Today’s cyber criminals are sophisticated, and the attacks they launch are unpredictable.
Enterprises would do well to monitor the network environment continuously, and to manage the implemented security controls on a proactive basis.
An effective network monitoring system offers end-to-end visibility of the network traffic. It:
- Understands legitimate traffic patterns in the network, and issues prompt alerts when discovering unexpected traffic flows.
- Triggers automated responses, such as shutting down the network, or blocking the user, on detecting anomalies.
- Integrates threat intelligence capabilities, aggregating threat information from multiple sources.
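The first two capabilities above, learning what legitimate traffic looks like and alerting when flows deviate from it, can be illustrated with a small baseline-and-detect routine. The code below is an added example written for this page; it is not part of the original article and is not any product's implementation. It assumes a simplified, constructed flow-record format of `timestamp source destination destination-port` (one record per line) and uses constructed sample data; the thresholds (`window`, `fanout_factor`, `min_fanout`) are illustrative defaults, not values from the article. It raises two kinds of alert: a source using a service port never seen in the baseline, and a source fanning out to unusually many destinations on one port within a short window, which is the kind of pattern a self-propagating worm produces inside a network.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int        # seconds since epoch (constructed sample values)
    src: str       # source address
    dst: str       # destination address
    dport: int     # destination port


def parse_flows(lines):
    """Parse constructed 'ts src dst dport' records; blank and '#' lines are ignored."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split()
        flows.append(Flow(int(ts), src, dst, int(dport)))
    return flows


def build_baseline(flows):
    """Learn which (src, dport) pairs are normal and the peak fan-out seen for each."""
    services = set()
    destinations = defaultdict(set)
    for f in flows:
        services.add((f.src, f.dport))
        destinations[(f.src, f.dport)].add(f.dst)
    peak_fanout = {key: len(dsts) for key, dsts in destinations.items()}
    return {"services": services, "peak_fanout": peak_fanout}


def detect(flows, baseline, window=60, fanout_factor=3, min_fanout=5):
    """Return alerts for flows that deviate from the learned baseline.

    new-service: a (src, dport) pair that never appeared during learning.
    fan-out:     a known pair reaching >= max(min_fanout, peak * fanout_factor)
                 distinct destinations inside `window` seconds.
    Each (src, dport) pair is reported at most once per alert type.
    """
    alerts = []
    recent = defaultdict(list)   # (src, dport) -> [(ts, dst), ...] within the window
    reported_new = set()
    reported_fanout = set()
    for f in sorted(flows, key=lambda x: x.ts):
        key = (f.src, f.dport)
        if key not in baseline["services"]:
            if key not in reported_new:
                reported_new.add(key)
                alerts.append({"type": "new-service", "src": f.src,
                               "dport": f.dport, "first_dst": f.dst})
            continue
        bucket = recent[key]
        bucket.append((f.ts, f.dst))
        bucket[:] = [(t, d) for t, d in bucket if f.ts - t <= window]
        distinct = len({d for _, d in bucket})
        threshold = max(min_fanout, baseline["peak_fanout"][key] * fanout_factor)
        if distinct >= threshold and key not in reported_fanout:
            reported_fanout.add(key)
            alerts.append({"type": "fan-out", "src": f.src,
                           "dport": f.dport, "distinct_dst": distinct})
    return alerts


# Constructed learning-window traffic: two workstations each talk to one file
# server (445) and one web proxy (8080). Addresses and ports are illustrative.
BASELINE_LOG = """
1000 10.0.1.10 10.0.1.5 445
1005 10.0.1.10 10.0.1.8 8080
1010 10.0.1.11 10.0.1.5 445
1015 10.0.1.11 10.0.1.8 8080
"""

# Constructed live traffic: one normal proxy flow, one host using a port never
# seen before, and one host sweeping six peers on port 445 within seconds.
LIVE_LOG = """
2000 10.0.1.10 10.0.1.8 8080
2001 10.0.1.11 10.0.1.9 3389
2002 10.0.1.10 10.0.1.20 445
2003 10.0.1.10 10.0.1.21 445
2004 10.0.1.10 10.0.1.22 445
2005 10.0.1.10 10.0.1.23 445
2006 10.0.1.10 10.0.1.24 445
2007 10.0.1.10 10.0.1.25 445
"""


def run_demo():
    """Learn from BASELINE_LOG, evaluate LIVE_LOG, return the alert list."""
    baseline = build_baseline(parse_flows(BASELINE_LOG.splitlines()))
    return detect(parse_flows(LIVE_LOG.splitlines()), baseline)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Replaying the learning window against its own baseline produces no alerts, which is the sanity check to run before trusting any threshold; the live sample yields one new-service alert for 10.0.1.11 and one fan-out alert for 10.0.1.10 on port 445. In production the baseline would be rebuilt on a schedule and the alerts fed to whatever automated response the organization has decided on.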
Large enterprises could consider setting up an in-house security operations center, with robust incident response capabilities. Smaller firms could consider enlisting the services of a managed security services provider to monitor their network and respond to incidents in real time. Either way, proactive network monitoring is essential to keep the network safe.
Security Assessment: Third party independent security reviews
Network security does not work in isolation. An effective security set-up offers tight integration, without leaving any loose ends. Enterprises would do well to conduct a thorough security audit to ensure such a state.
A sound and comprehensive review compares the existing state of cybersecurity with best practices, in terms of:
- The integration of basic and advanced controls to the security architecture
- Integration of the existing security environment architecture with the business and IT vision
- How the security framework leverages the latest technologies, such as machine learning, behavior analysis, and threat modeling, to detect and mitigate identified threats
- The scalability of the security architecture to defend against future threats
- The preparedness of the architecture to deliver intelligent and flexible responses
The state of cybersecurity is fluid. Enterprises need to adopt an adaptive and evolving approach to security. They need to re-evaluate security processes, practices, policies, platforms, and tools on a regular basis.