Global Ransomware Attack Sparks Long Awaited Wake-up Call
The attack that hit about 200,000 computers in 150 countries may finally force businesses to take cybersecurity seriously.
The attack was global and indiscriminate, and it had real-world consequences for businesses and high-profile public institutions such as NHS trust hospitals.
Secarma, the cybersecurity specialist and ethical hacking company based in Manchester, offers the following advice to mitigate this and similar attacks in the future:
- Applying patches, especially security updates, in a timely manner is essential. This goes for everything, from Windows Update to applications such as Adobe Reader and Java.
- Organisations should have a fully developed and agreed patching policy which includes a methodology for dealing with “out-of-band” critical patches, so that issues such as this one are covered.
- Keep antivirus software up to date. Virus definitions are normally updated at least once a day, so ensure your virus database is updated regularly to protect against the latest threats. Use software that scans in real time for threats arriving via email, downloads and web browsing.
- Engage in regular penetration testing and vulnerability scanning using a reliable third party supplier of these services.
- Conducting a build review of your user workstations and laptops, using a third-party supplier, is particularly important. This will ensure your patch management and configuration make your organisation harder to exploit using phishing techniques.
- To add depth to your defences, consider adding additional malware scanning technology into your email chain. Relying on a single anti-virus vendor for both mail server and endpoint protection does not guard against a threat that evades that specific product.
- Consider reviewing all routes to the Internet from at least the user area of your LAN. This needs to holistically check all routes, including TCP, UDP, ICMP and HTTP/HTTPS. By improving egress filtering you can often prevent a successful infection from dialling home with your data or fetching commands from the attacker.
- Keep regular backups. Ensure you have a verified, tested and working process for restoring from backups. Backups should preferably be held off site, on physical media that is not left connected and is not used for any other purpose.
- Train your staff. Given threats such as ransomware are on the increase, it is even more important to establish a culture of security awareness. Targeted phishing attacks will only work if an attacker can convince a user to interact with the payload.
- Engage a supplier to run a “simulated phishing” exercise within your organisation. This can give you metrics to understand your potential exposure. It will also highlight the value of staff training and demonstrate your return on investment over time.
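The backup advice above hinges on the restore process being verified, not just the backup job completing. The following is an added example, not Secarma's code or part of the original article: it records a SHA-256 manifest of a backup set at backup time and later checks a restored copy against it, reporting files that are missing, modified or unexpected. The manifest format and the sample files are constructed for this illustration.

```python
import hashlib
import os
import shutil
import tempfile

# Manifest format used here (an assumption for this example): {relative_path: sha256_hex}


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large backup members do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Walk a backup set and record the SHA-256 of every file, keyed by relative path."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_restore(restored_root, manifest):
    """Compare a restored tree against the manifest taken at backup time.

    Returns a report with three lists so an operator can see exactly what
    failed rather than a bare pass/fail.
    """
    current = build_manifest(restored_root)
    missing = sorted(p for p in manifest if p not in current)
    unexpected = sorted(p for p in current if p not in manifest)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    return {
        "ok": not (missing or unexpected or modified),
        "missing": missing,
        "unexpected": unexpected,
        "modified": modified,
    }


def demo():
    """Constructed scenario: a small backup set, a clean restore, then a damaged restore."""
    work = tempfile.mkdtemp(prefix="backup-demo-")
    try:
        source = os.path.join(work, "source")
        os.makedirs(os.path.join(source, "docs"))
        with open(os.path.join(source, "docs", "report.txt"), "w") as f:
            f.write("quarterly figures\n")
        with open(os.path.join(source, "config.ini"), "w") as f:
            f.write("[app]\nmode=prod\n")
        manifest = build_manifest(source)  # taken when the backup is written

        # A faithful restore: every file present with the recorded hash.
        good = os.path.join(work, "restore-good")
        shutil.copytree(source, good)
        clean = verify_restore(good, manifest)

        # A damaged restore: one file altered, one missing, one stray file added.
        bad = os.path.join(work, "restore-bad")
        shutil.copytree(source, bad)
        with open(os.path.join(bad, "config.ini"), "a") as f:
            f.write("tampered=1\n")
        os.remove(os.path.join(bad, "docs", "report.txt"))
        with open(os.path.join(bad, "stray.txt"), "w") as f:
            f.write("constructed stray file\n")
        damaged = verify_restore(bad, manifest)
        return clean, damaged
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    clean, damaged = demo()
    print("clean restore ok:", clean["ok"])
    print("damaged restore:", damaged)
```

In practice the manifest should be stored alongside the off-site copy and also somewhere the backup media cannot overwrite it, so that a compromised or corrupted backup cannot simply carry a matching manifest with it; a restore test that runs this comparison on a schedule turns "we have backups" into "we have restores".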