CS Mar Apr 2022

More documents

Recommendations

Info

ansomware RANSOMWARE NOW A GLOBAL MENACE WITH MANY ORGANISATIONS USING OUTDATED AND INEFFECTIVE TECHNOLOGY AND CORPORATE STRATEGIES, THE FEAR IS THEY COULD SOON BE VICTIMS OF AN ALL-OUT ATTACK Hackers are increasingly offering services or exploits 'for hire', prompting the chief executive of the National Cyber Security Centre to urge organisations to review their defences. With ransomware branded "a rising global threat", what steps should they take to protect themselves? And are many of those using technology and corporate strategies that are no longer fit for purpose, leaving themselves increasingly likely to be ransomware's next victims? Here is what they seem to be up against. The 'as a service' market on the darknet, including ransomware-as-a-service, is growing rapidly. "This makes it easier for perpetrators to launch highly sophisticated cyberattacks," cautions Daniel Hofmann, CEO, Hornetsecurity. "In response, organisations must be prepared and amplify their defences." First of all, this means investing in, or upgrading to, a robust security service from a reputable third party, coupled with backup and recovery capabilities. This combined approach protects against attacks while enabling remediations should disaster strike. Both parts of the equation are essential, he says. "Heightened awareness across an organisation is equally important. Employees should receive cybersecurity training and refreshers, so that they can recognise ransomware and other malware, avoid succumbing to such threats and know what to do in case of an attack. As part of this, companies should also have the appropriate policies and an incident response (IR) plan, with a view to risk mitigation and damage control." To further batten down the hatches, companies should use multifactor authentication (MFA) and apply judicious permissions management, states Hofmann. "MFA enforces more than one method of user authentication. It is easy enough to implement and is a perfect foil to cybercriminals who have managed to steal a user's login credentials, for instance, since it prevents them from completing the next step to gain access. " Another tactic he singles out is to reduce the permissions granted to users and user accounts. "That, in turn, limits what an attacker can do, should the account be breached. This is particularly important for the accounts of system administrators themselves, given their access to entire IT systems." It's also about going back to basics to reduce risks, he adds: "installing the latest software updates to patch vulnerabilities, since there are typically publicly available exploits for these out there; and ensuring that the company's backups are functional through regular testing". Hofmann points out that it is pointless having a backup solution, if you are unable to recover backed up data. "Failing to look after aspects like this might leave systems administrators with a false sense of security." SOPHISTICATED, HIGH-IMPACT ATTACKS Britain, the United States and Australia recently issued a rare joint alert over a wave of ransomware attacks, warning that cyber gangs are becoming "increasingly professional". Cybersecurity authorities in the three countries said they had seen an increase in "sophisticated, high-impact" attacks on businesses, including in critical sectors such as health, education, financial services and energy, according to The Times. in response, Jim Hietala, vice president, business development and security for The Open Group, told Computing Security: "In the Digital Age, it's necessary for organisations to ensure a seamless flow of data across 28 computing security Mar/Apr 2022 @CSMagAndAwards www.computingsecurity.co.uk
ansomware a plethora of networks, applications and storages. However, the dilemma is that it is no longer feasible, or even possible, to consider all elements of the service topology as 'trusted'. Zero Trust is a critical concept, because it brings security to the users, data/ information, applications, APIs, devices, networks, cloud etc wherever they may be - instead of forcing them onto a 'secure' network. "The cybersecurity industry is more difficult to navigate than ever before," he adds. "Continuous data breaches and ransomware attacks, which are impacting commercial entities and governmental agencies, prove that network-centric approaches no longer work. The industry needs to establish standards and best practices for Zero Trust as the overarching information security approach for the digital age and create models that are data- and asset-centric, as opposed to traditional network-centric approaches." DEPLORABLE STATE OF SECURITY The only success story we can attribute to ransomware is publicly benchmarking its victims on the deplorable state of their organisation's security, says Ian Thornton- Trump, chief information security officer for Cyjax. "Although sensational headlines about a company becoming a victim and an endless stream of cyber security vendor fear, uncertainty and doubt related to 'protection from ransomware', it seems most people have missed the point. A cyber security event that involves ransomware is the result of one or more cyber security failures at a technological or human level. In short, ransomware is the symptom of the disease of poor cyber security, not something which 'just happens'." He likens ransomware's impact on an organisation to the three-act structure model used in narrative fiction that divides a story into three parts (acts). Often called the 'Setup', the 'Confrontation' and the 'Resolution', it was popularised by Syd Field in his 1979 book 'Screenplay: The Foundations of Screenwriting'. THE SETUP In the beginning, systems are brought to their knees - outages happen. that's a fact of life, but it becomes sinister the moment you are told the files are stolen, encrypted and you must pay not to have them publicly dumped and pay for a decryption key and software. "Just a point here. If you claim you are investigating a 'cyber security incident' and its ransomware, and yet it takes you more than a week to inform customers and regulators, you may need to question your organisations capacity for incident response and understanding of governance, risk and compliance." THE CONFRONTATION The middle of a ransomware event is the 'chaos' of the event itself, requiring extraordinary efforts to restore services and/ or negotiate with the attackers. This is the organisation in 'true' crisis where the very worst days of everyone's working life are being played out. "The only word that can adequately describe the feeling is profound 'tragedy' - it's a loss against malicious actors and all the stages of grief are played out as a mad hunt is on for the install CDs, the licence codes and the backup tapes. It's an extraordinary stressful time and the single most destructive words to utter at this moment are: 'I told you so'." THE RESOLUTION The end of the event is the realisation, after the extraordinary expenditure of time, effort and money, that the ransomware could have been prevented, mitigated, if only the security expense, life cycle management, asset inventory etc had all been done proactively. Every ransomware event comes with a healthy amount of hubris and lessons learned - only if the post event discussion happens. Most organisations survive a ransomware event, but it's financial impact and customer trust may take years to repair. "When we examine the big ransomware stories - at least the ones that share deep technical details - there are always items which we could have done better or been more prepared for," continues Thornton- Trump. "Since the first crypto locker viruses in 2015, it's hard to be sympathetic towards organisations that succumb to this attack in 2021, but it's understandable. If you think ransomware is what you need to protect your organisation against, you're missing the story. Ransomware is telling you about the state of your security." FINANCIAL INSTITUTIONS TAKE A BATTERING "Financial institutions are facing rising cyber threats and the warning from the FCA serves as a reminder that no business is safe from attack," says Fabien Rech, VP EMEA, Trellix. "We recently found that the financial services industry accounted for 22% of ransomware and 37% of Advanced Persistent Threat detections in Q3 2021. As cybercriminals adapt their methods to target the most sensitive data and services, FS firms must shore up their defences to mitigate further threats." How exactly? "They must deploy a security strategy that includes a living platform that can learn and adapt defences based on the threat. This platform generates and prioritises comprehensive threat insights from both outside and inside the company to adaptively strengthen detection, and it responds in realtime to active threats." According to research findings from Trellix, in the third quarter of 2021 "high-profile ransomware groups disappeared, reappeared, reinvented and even attempted to rebrand, while remaining relevant and prevalent as a popular and potentially devastating threat against an increasing spectrum of sectors. Even though www.computingsecurity.co.uk @CSMagAndAwards Mar/Apr 2022 computing security 29
Page 1: Computing Security Secure systems,
Page 4: Secure systems, secure data, secure
Page 7 and 8: Strengthen your data resilience wit
Page 10 and 11: ehavioural insights INFORMATION SEC
Page 12 and 13: MSP insights THE MSP ATTACK TARGET
Page 14 and 15: metaverse VIRTUAL WORLD, REAL DANGE
Page 16 and 17: compliance GETTING TO THE HEART OF
Page 18 and 19: cloud THE CLOUD CONUNDRUM CLOUD, IN
Page 20 and 21: cloud Raghu Nandakumara, Illumio: a
Page 22 and 23: tech scrap I.T. EQUIPMENT JUNKED PR
Page 24 and 25: NHS breaches NHS BREACHES - JUST A
Page 26 and 27: NHS breaches Felix_Rosbach, comfort
Page 30 and 31: ansomware Daniel Hofmann, Hornetsec
Page 32 and 33: Log4shell LOGJAM OF CONCERNS LOG4SH
Page 34 and 35: Log4shell Jude McCorry, SBRC: all o
Page 36: PLAY IT SAFE WITH 365 TOTAL PROTECT

CS Mar Apr 2022

Create successful ePaper yourself

Delete template?

Save as template?