WannaCry: an eye opener?
What have we learned from the past few days?
The latest cyber attack got a lot of media coverage and thus absolutely increased the overall security awareness. The speed of this ransomware spread was unseen: more than 200,000 infections in more than 100 countries. In this article, I won’t focus on the technical details but I will give a high-level overview of how to prevent these attacks and of the basic security rules. Of course, 100% protection does not exist but the risk can be greatly reduced.
The latest attack taught us that there are a lot of networks with vulnerable devices. The attack uses techniques that have been known in the market since March and for which Microsoft released a patch in March as well. But, nevertheless, many organizations did not patch their systems in time, or are still using older Microsoft Operating Systems (OS) such as Windows XP or Windows Server 2003. Microsoft has released patches for these Operating Systems this weekend even though they are not supported anymore.
Finding the right balance
One of my favorite quotes is ‘finding the right balance’. It can be applied to many things but definitely to security. Sometimes it is about finding the right balance between budget and risk, between flexibility and security, between service windows and productivity…
When talking about security, it always comes down to two aspects:
- people, process, and technology
- prevent, detect and response solutions
SecureLink is very good at delivering technical solutions, as a project or as a Managed Service. Thanks to our recently-introduced Security Maturity Assessment tool, we can also get some clear insights into people and processes. We give thorough advice on this topic.
|People||User awareness training
|Have internal procedures to report irregularities|
Regular vulnerability testing and pen testing
|Clear restore procedures|
|Technology||Modern security tools such as next-generation malware protection, next generation firewalls, modern e-mail gateways, ….||SIEM, NTA, UEBA, Deception tools||Security automation (e.g. endpoint quarantine)|
Many companies don’t have people, nor the knowledge to manage the different security components themselves. That is why the SecureLink Managed Security Services are more popular than ever. Our security specialists help you monitor your environment 24×7 from our Cyber Defense Centers.
We also notice many companies putting a lot of effort and money in preventing attacks. But, the detection and the response part are equally important! The numbers show that it can take months before the average hacker is detected. Therefore, it is extremely important to have the required detection tools and response plans. What happened last weekend isn’t an example, but the latest FireEye report shows that the average detection time in 2016 was 99 days.
Don’t forget the basics
As the attack of last weekend used a vulnerability in the Microsoft OS for which there was already a patch available since March, there were many people who said that you should have a patch process in your company. I completely agree but we have to be realistic because it isn’t that simple for larger organizations. Again, it is about finding the right balance between on the one hand installing the patch and thus risking troubles with applications; and on the other hand risking this vulnerability to be used. In healthcare, we see a lot of embedded systems that are still based on Windows XP and are part of other solutions such as scanners. These systems are not always managed by the internal IT team.
As you can see, it is very complex. Therefore, I would like to give you an overview of the basic security rules:
- Segment your network, when using embedded systems. They need to be on a separate network.
- Use modern anti-malware solutions based on Artificial Intelligence on endpoints. In today’s environments, the endpoint itself becomes more and more important mainly due to mobility. A traditional signature-based solution won’t do.
- Make sure you have (tested!) backups of critical resources.
- Keep your systems up-to-date.
- It is important to use multi-factor authentication when you logon to cloud applications, even though it is not applicable to what recently happened.
- Use modern security gateways on your perimeter and apply the necessary protection regarding incoming e-mail
Keeping up with all trends in Cybersecurity isn’t always easy, and finding skilled people is even more difficult. SecureLink provides Managed Security Services to help companies monitor their (security) infrastructure. This ranges from monitoring security devices, detecting breaches based on all logs, detecting breaches based on behavioral analysis of network and/or user behavior up to a complete incident response service.
An important part of our Managed Security Services is our SecureProtect Endpoint offering. Based on a modern solution, we offer endpoint protection as a service through a pay-per-use model with monthly billing. We have performed several checks showing this solution would have blocked this ransomware from the start.