masterclass

CAN YOU RELY ON A HUMAN FIREWALL AS YOUR LAST LINE OF DEFENCE IN THE FIGHT AGAINST RANSOMWARE?

CHARLOTTE GURNEY, MARKETING MANAGER, BROOKCOURT SOLUTIONS, AND MORTEN GAMMELGARD, FROM BULLWALL, HAVE CLEAR ADVICE FOR THOSE WHO MAY BE HIT BY RANSOMWARE THAT EVADES EXISTING SECURITY SOLUTIONS

Charlotte Gurney, Marketing Manager, Brookcourt Solutions.

Ransomware attacks businesses and puts a halt to operations daily, often at enormous cost. There are multiple solutions that try to stop ransomware from getting into your network in a variety of ways: firewalls, anti-virus, next-gen anti-virus, patching, and email and web gateways. They all work by identifying and stopping malware at the perimeter or on the endpoints, before damage is done.

Unfortunately, it is becoming increasingly common for ransomware to avoid detection by perimeter and endpoint products, leading to a situation where organisations have an over-reliance on humans as a 'Last Line of Defence'. Human error is still the number one way hackers get into your system.

Yes, anti-virus programs and system backups are critical, but organisations now spend a lot of time, effort and money on user awareness - however, that is not enough. It is like getting a speeding ticket - after you get one, you drive carefully for 3-4 weeks and then gradually revert to old habits of speeding. If your strategy for Last Line of Defence is a 'Human Firewall', it constantly needs to be maintained and updated like any other security technology and you will still be vulnerable, says Morten Gammelgard from BullWall.

Questionable email attachments, pop-ups on screens and links to videos are ways that hackers target individuals to gain access to your network. There is also a threat from devices that cannot install the traditional security agents, such as IoT/mobile devices, which could start to encrypt files on fileshares.

We need the ability to detect, alert, respond and recover quickly, as even the most sophisticated organisations will eventually experience a cyber breach. When you are hit by ransomware that evades existing security solutions, how you respond in the first few minutes is critical to the overall cost of the attack.

With GDPR in effect, the pressure on organisations hit by ransomware has escalated. GDPR is likely to become another tool for negotiation by extortionists, who will threaten to compromise an organisation's data unless a payment is received, knowing that the consequences will be more significant under the new regime.

According to The Information Commissioner's Office (ICO): "In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by Ransomware, or accidentally lost or destroyed. When a personal data breach has occurred, you need to establish the likelihood and severity with risks to people's rights and freedoms. If it's likely that there will be a risk, then you must notify the ICO; if it's unlikely, then you don't have to report it."

In a scenario where your organisation has been hit by a previously unknown variant of ransomware that evaded detection by your existing security solutions and, unknown to you, succeeded in encrypting 150,000 files on your fileshares in your datacentre or in the cloud, and even worse without visibly changing the filenames, your organisation needs to be pro-active and instantaneous, as you only have 72 hours.

This is where BullWall's RANSOMCARE technology is a powerful supplement to humans. RANSOMCARE is the 'Last Line of Defence' - when all other security solutions fail. RANSOMCARE will monitor and protect your files. It is an agentless solution that is installed on a virtual server in your data centre or cloud. RANSOMCARE can instantly detect and shut down a ransomware attack and quickly provide you with the information required for GDPR compliance.

Contact Brookcourt Solutions to book a demo: contact@brookcourtsolutions.com

30 computing security July/August 2018 @CSMagAndAwards www.computingsecurity.co.uk

thought leadership

PARTITIONING THE RESPONSIBILITIES IN INFORMATION SECURITY

MUSTAFA FIKRET OTTEKIN, ADVISOR TO CEO IN ICTERRA, REFLECTS ON THE VITAL ROLES TO BE PLAYED BY MANAGEMENTS AND IT DEPARTMENTS

Probably the most common and serious mistake that managements make in the governance of information security is delegating too much responsibility to the IT department. This mistake is usually due to the belief that information security is a "mostly technological" problem, which should be solved by mostly technological people, the IT experts. Well, this is not exactly the case. Let's try to draw the line correctly between the responsibilities of the management and the responsibilities of the IT department.

I would like to focus here on two separate stages of the information security governance process: risk analysis and risk mitigation.

Risk analysis begins with the valuation of the institution's assets in the most objective and realistic manner possible. The values of assets are deeply rooted in the value of the information they process, which is proportional to the cause the information serves. In other words, the value of assets depends on the value of the business or function they facilitate. At this stage, the responsibility of the management is designating the due value and priority of each business conducted by the institution, including related information. That task may be performed only by the management. Neither IT experts nor information security advisors may substitute for the management at this stage. Yet the values of all other assets (software, hardware, facility, etc.) may be derived by IT people following that first stage of business valuation.

The second stage I want to take a look at is risk mitigation, where the security controls are applied to the daily life of the institution. Security controls may be divided into two categories:

- Controls safeguarding confidentiality (all sorts of access control)
- Controls safeguarding availability (information backup and business continuity measures)

Access control may be broadly defined as assuring access to information on a "need-to-know" basis. In that respect, the management has to designate which information may be accessed by whom. That designation is almost equal to deciding which task should be executed by which personnel or department. Again, neither IT experts nor information security advisors may substitute for the management in making that decision. After the "need-to-know" basis is established by the management, the IT department may assume responsibility for applying that basis consistently across security controls such as application access control, network access control and physical access control.

Similarly, management has to decide the tolerable durations of interruption of access to information for all crucial business processes. The IT department may use that information to define and acquire the necessary information backup and business continuity systems.

To sum up, the management would define the security principles and the IT department would define the security controls that would apply these principles to the daily, ongoing execution of all business processes. (And the Internal Audit department, where available, would validate the proper implementation and operation of security controls...) Throughout the information security governance process, management would also provide the budget required to implement the security controls and assure due execution of Internal Audit procedures.

Finally, the similarity between the forces present in 'segregation of duties' (legislation, execution, jurisdiction) and management, IT department and audit may be noticed easily. It may be concluded that correct application of 'segregation of duties' in the domain of information security governance, in order to assure due security and functioning of an institution, is indisputable.