These are the things you need to do NOW to protect your business from cyber-attacks
The WannaCry ransomware took the world by storm last Friday, and with security experts predicting similar strains on the horizon, businesses of all shapes and sizes need to take certain precautions to prevent infection. GCI’s Technical Director, Neil Clegg, explains what you need to do to make sure your business is protected against future attacks.
19 September 2017
Unless you have been living under an incredibly isolated rock for the last few days, you’ll have heard all about WannaCry – a ransomware strain which has hit more than 200,000 organisations in 150 countries. Most notably, in the UK, 47 NHS trusts were affected, leading to patient records becoming inaccessible, many non-emergency operations being cancelled and affected hospitals diverting ambulances to other nearby A&E departments.
This particular malware exploits a flaw in Microsoft’s software discovered by the National Security Agency in the US, for which older or unsupported systems may not have received the patch. It encrypts files on the infected PC, and a message then appears demanding money (a “ransom”) for the decryption keys. The “kill-switch” for WannaCry was discovered by accident by UK tech blogger MalwareTech; however, he warns that this could be just the tip of the iceberg. With security experts including Kaspersky Lab also reporting that a v2 of WannaCry is imminent, and likely to remove this kill-switch mitigation, here are the steps you need to take NOW to ensure you’re not affected by any forthcoming attacks.
Use correctly-patched, up-to-date software
If you’re running Windows 10, Windows 8.1, Windows 7 or Windows Vista and have your automatic updates enabled, you should be protected against WannaCry. For those still yet to remove Windows XP from their environments, Microsoft released an emergency patch this weekend to protect users – a highly unusual step given its end of life status, but an indicator of the severity and seriousness that WannaCry has been greeted with by the community. MalwareTech Tweeted “Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch ASAP.” If you are running any version of Windows there are multiple benefits to regularly updating your software, but you must patch in the meantime if you want to protect against WannaCry.
As the first line of defence against malicious threats from the web your anti-virus software should be an integral part of your defence strategy and, as with your operating system patching, must be kept up-to-date at all times to give you the best chance of protection. The features available will depend on the software selected – you should pick a tried-and-tested industry-leader such as Kaspersky or Symantec – with most running automatically in the background to provide peace of mind, as well as allowing you to schedule scans or choose specific files or directories to scan for malicious code. Don’t think this form of protection is limited to computers; many providers also offer anti-virus software for mobile devices and whilst the impact of WannaCry has been limited to Windows-based devices, there are a growing number of threats targeting mobile operating systems. This is one of the most simple and straightforward forms of protection to deploy, so if you’re not sure you’re adequately covered you need to take action immediately.
Another industry-standard item that every single business should have, considering they are generally inexpensive and provide good ROI in light of the damage they can prevent, is a robust firewall. There is no excuse not to have one. A firewall will monitor both incoming and outgoing traffic for signs of illicit activity, protecting your network and devices from worms, Trojans, hackers, viruses and other malware. As with your anti-virus provision, you should select a best-of-breed provider – we partner with security experts Fortinet – and ensure it is kept up-to-date and securely configured. For those seeking the ultimate in security, consider a Unified Threat Management (UTM) firewall for an extra layer of defence. This provides added protection, including network intrusion detection and prevention (IDS/IPS), content filtering, application visibility, load balancing, data loss prevention and more.
We all find spam email annoying, but not everyone realises how dangerous it can be too. “Spear phishing” reports are on the increase – that is, a more targeted email which will address you by name and could appear to come from someone within your organisation, your bank or even your email provider. A 2016 study has shown that 56% of people will fall for a spear phishing email and click on the links they are sent! Most malware enters your system via email, and the innocent user could download a virus or initiate a ransomware program with just one click which can have detrimental effects on your business-critical data. This is why email security is another critical element of your security plan; in order to prevent malicious emails from entering your inbox in the first place you need email security software with multi-layered antivirus protection, as well as high spam and virus detection rates.
Backup and DR
The only certainties in life are death, taxes, and the fact that cybercriminals will constantly change their methods of attack. If you’re hit with ransomware, as difficult a decision as it may be, you should never pay the ransom. Aside from perpetuating the criminals’ cause, there is no guarantee that you will even receive a decryption code. WannaCry has been shown to rely on manual intervention for decryption and simply won’t scale to mass requests. This is where your backup and DR strategy is your lifeline, ensuring that copies of your business-critical files are retrievable quickly, with as little disruption and downtime to your business as possible.
A backup and DR plan doesn’t stop there. As well as ensuring that you back up everything regularly (we recommend once a day), you need to test your recovery. If you already have a backup and DR facility in place then do this TODAY. It is better to identify a flaw in your process, and understand the remedial effort required, now than when it becomes crucial to the recovery of your data. Backup tests should be carried out at least once a quarter, and certainly whenever there is a major hardware or software change to your backup system. Experts suggest you go one step further and follow the 3-2-1 rule of backup by having at least three copies of your data: two copies on two different media and one stored offsite. This way even if your backup’s backup fails, you still have a copy of the files you need. Whatever you do, don’t join almost one fifth of people who confess to never backing up their data!
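The backup policy described above (daily backups, a restore test at least once a quarter, and the 3-2-1 rule) can be checked automatically against an inventory of your copies. The following is an added example, not GCI's own tooling: the `Copy` record, the `audit` function and the 92-day stand-in for "a quarter" are assumptions, and the sample inventory is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Copy:                      # hypothetical inventory record
    name: str
    medium: str                  # "disk", "tape", "cloud", ...
    offsite: bool
    primary: bool                # live production data, not a backup
    last_backup: Optional[datetime] = None
    last_restore_test: Optional[datetime] = None

def audit(copies, now, max_backup_age=timedelta(days=1),
          max_test_age=timedelta(days=92)):   # 92 days ~ one quarter (assumed)
    """Return a list of policy findings; an empty list means compliant."""
    findings = []
    # 3-2-1 rule: three copies, two different media, one offsite.
    if len(copies) < 3:
        findings.append(f"3-2-1: only {len(copies)} copies, need 3")
    if len({c.medium for c in copies}) < 2:
        findings.append("3-2-1: all copies share one medium, need 2")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no offsite copy")
    # Freshness and restore testing apply to the backups, not the live data.
    for c in (c for c in copies if not c.primary):
        if c.last_backup is None or now - c.last_backup > max_backup_age:
            findings.append(f"{c.name}: last backup older than "
                            f"{max_backup_age.days} day(s)")
        if (c.last_restore_test is None
                or now - c.last_restore_test > max_test_age):
            findings.append(f"{c.name}: restore not tested within "
                            f"{max_test_age.days} days")
    return findings

# Constructed sample inventory: three copies, but all on local disk.
NOW = datetime(2017, 9, 19, 9, 0)
INVENTORY = [
    Copy("file-server", "disk", offsite=False, primary=True),
    Copy("nas-nightly", "disk", offsite=False, primary=False,
         last_backup=NOW - timedelta(hours=8),
         last_restore_test=NOW - timedelta(days=200)),
    Copy("usb-weekly", "disk", offsite=False, primary=False,
         last_backup=NOW - timedelta(days=5)),
]

if __name__ == "__main__":
    for finding in audit(INVENTORY, NOW):
        print("FAIL:", finding)
```

The sample inventory passes the "three copies" count yet still fails on media diversity, offsite storage, backup age and restore testing, which is the gap a copy count alone hides.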
Remain vigilant and be proactive
It’s essential to keep up-to-date with the latest information about attacks and new versions of malware strains in order to be prepared. Twitter is an excellent source for this, with TechCrunch, BBC News, National Cyber Security Centre and MalwareBytes all updating alongside IT security vendors themselves in real-time.
Proactivity is also critical in the fight against malware. A security monitoring provision may feel excessive if you are confident that you have implemented the recommendations outlined above, but the truth is that many companies become lax when it comes to keeping an eye on whether their protection is performing correctly. Even if you’re doing everything right this only reduces your risk; in the case of “Zero Day” malware where no incident of the particular strain has been recorded before, you can still fall victim to an attack. This is where proactive security monitoring comes into its own.
To offer our customers the ultimate in proactive security, as part of our Fully-Managed Support Service (as well as being available in many of our IT Managed Services packages) we provide round-the-clock security monitoring in addition to the 24/7 support and monitoring already received (by all of our customers) as standard. AlienVault offers real-time threat intelligence, updated every 30 minutes with the latest information from the AlienVault Labs whose teams of experts analyse thousands of pieces of data to identify and protect against emerging threats and vulnerabilities. Also included in our Fully-Managed Service is automated patching and Proactive Watchpoints – a system of preventative maintenance tasks that are scheduled to flag up issues for resolution before they have a chance to negatively impact on your business.
Whatever your security strategy, it needs to be addressed straightaway before a new variation of WannaCry is released or another new ransomware attack hits our systems. And don’t become a statistic – Endpoint Security experts Barkly have reported that 52% of organizations that suffered successful cyber attacks in 2016 aren’t making any changes to their security in 2017!
Want to know more? Get in touch at firstname.lastname@example.org to discuss how we can keep you protected.