As the latest cyber attack on big organisations hits the news, we cover what businesses need to do to protect themselves.
Ransomware and Advanced Persistent Threat (APT) are terms the public have become familiar with in recent times. An APT is recognised as an unauthorised person gaining access to a network for a long period of time, with the intention of stealing data or causing damage to the organisation.
Some of the high-profile APTs are alleged to have disrupted an Iranian nuclear programme and impacted the hard drives of a major Saudi energy company. What is more worrying is that this unauthorised access has, on some networks, gone undetected for years.
Technology has often been the suggested answer to protecting the organisation against these types of attack and, to a certain degree, it works.
But the question emerging is, what happens if technology alone isn’t the answer?
Steps to take
The recent attacks highlight the need for organisations to get their cybersecurity basics right. There are a few simple steps that can mean the difference between being a victim on a catastrophic level or being able to contain the risk.
- Identify and manage the organisation’s cyber risks. Have a specific focus on the priority cyber threats and breach scenarios that could disrupt operations or have other negative impacts on the organisation.
- Educate the organisation’s employees in good cybersecurity practices and the use of third-party assessment/assurance programs – you can protect your network, but do you know how your third parties protect theirs?
- Regularly maintain and review elements of the organisation’s cybersecurity program: patch often, define your cyber incident response process, back up regularly and practice response scenarios. This will provide a strong foundation for building cyber resilience into your organisation.
It is often said that 100% security isn’t achievable. Even those companies with the largest security budgets can be compromised, as evidenced by the origins of the WannaCry code, with the USA’s National Security Agency taking responsibility for creating the original code.
But organisations that implement the basics and follow a Prevent, Detect, and Respond model will, in the long run, be better able to protect themselves from future attack:
Prevent and Detect
- Ensure vulnerability and patch management policies and procedures are up to date. Where out-of-date and legacy operating systems are used, seek guidance from vendors on further steps.
- Maintain an effective enterprise incident response and business continuity plan, which is tested and measured for effectiveness against ransomware and other potential attack methods, as well as updated to reflect the current cyber threat environment.
- Ensure the organisation has a security awareness training program in place with proactive testing, including screenshots of what to look out for.
- Ensure regular, tested backups are in place to mitigate the effects of possible infection and speed the recovery process in lieu of succumbing to ransom payment demands.
- Seek assurance from third parties who connect to your network that they are following similar actions and are appropriately protecting themselves.
- Implement monitoring technologies and procedures that can enable faster detection and response to incidents.
Respond
- Make sure all your users know what to do in the event of an incident such as WannaCry. Isolating infected machines at the earliest possible opportunity is vital.
- If you don’t have the capability in house, use third parties to provide forensic services, including the recovery of data.
- Activate your incident response plan and don’t treat the investigation as merely an IT issue; there should be cross-functional representation in the investigation team, such as legal, compliance, information security, business, PR, HR, etc.
- Activate your business continuity plan. Prepare data based on varying requirements for regulatory inquiries or civil suits.
Companies have invested significant sums of money over the years in trying to protect themselves against ‘Advanced Persistent Threat’. However, the latest attacks should act as a reminder that technology alone isn’t the answer.
The first step to building a robust security framework should always start with the basics.
Owen Purcell is lead partner, EMEIA Advisory Centre at Cyber GRC