Throughout 2017 the cyber war continued to rage, bringing us well-publicised ransomware outbreaks such as WannaCry, Petya, NotPetya and Bad Rabbit. Whilst these attacks were all unique and originated from different sources, they had common traits. They spread like a worm through networks, encrypting files and demanding money to release them. They gained access by exploiting a weakness in Microsoft Windows which had been undetected and unpatched. For IT Departments the message is clear: YOU BETTER BE READY FOR MORE OF THE SAME IN 2018! The exponential growth in ransomware worms is likely to continue apace.
Experts are warning that 2018 will see further escalation of cybersecurity risk. Here’s what to expect.
Ransomware: New technologies, targets and objectives
The profitability of ransomware attacks will decline as security solutions improve to counteract them. But the criminals are expected to change tack, targeting the less prepared medium and smaller-sized businesses. This change in ransomware tactics will also see a shift to more catastrophic damage: beyond demanding money for the release of files, attackers will destroy systems and data, with the ransom payable to make it stop. Ransoms become a means of damage limitation rather than a method of restoration. This shift in tactics means companies need to be sure that they not ONLY have defensive security solutions in place but also a robust method of recovering any data that may be destroyed because of an attack.
More devices mean more trouble!
Complicating matters is the increase in attack surfaces. As the world becomes more connected, more people have more devices controlling more aspects of their lives. But each connected device increases the privacy and security concerns surrounding the Internet of Things. As the number of connected devices grows, so does the number of points of attack for hackers to exploit and gain access to networks.
Updates, Updates and More Updates – Prioritise Patching
As IoT grows, so does the need to protect more devices. An IoT device may have been safe when first installed, but as hackers discover vulnerabilities it can quickly become unsafe. Computers have this problem too, as software vulnerabilities are inevitable. WannaCry exploited a vulnerability in Windows XP. A patch had been available for weeks but hadn’t been universally deployed. As governments arm themselves by hoarding the vulnerabilities they discover for their own defensive purposes, the public will only become aware of them after they’ve been hacked, when it is too late. This means it is crucial to keep devices updated.
Organisations often remain focused on protecting against the unknown, i.e. zero-day vulnerabilities, and neglect to keep on top of known vulnerabilities which could at any time be exploited and result in an attack on their business.
Passwords aren’t enough
Users tend to use simple passwords and the same password for multiple sites or systems. The most common password in 2017 was “123456”. The Yahoo breach saw 3 billion accounts and passwords hacked. Passwords alone aren’t going to cut it. There needs to be both encryption and a two-step method of authentication to secure access.
GDPR means greater consequences
GDPR challenges how companies manage IT security risk and cost. The onus is on companies to adequately protect their data or risk sizeable fines in the event of a breach. GDPR rubber stamps in law the requirement for companies to take IT Security seriously. In the past compliance has brought IT Security up to date 10 years too late. GDPR is pushing it to the forefront of boardroom concerns. Get ready for GDPR with our Guide. http://novi.ie/gdpr
Fatigue and Complacency
The PR and media attention that data breaches and ransomware attacks generate is a double-edged sword. It increases awareness of the types of cyber-attack and gives people a chance to protect themselves, if they know how! But it can also result in people becoming desensitised and complacent, with that age-old thinking: “I was OK last time so I’ll be OK this time” or “This stuff only happens to the big well-known names.” It is easy to forget that it is only the big well-known names that get reported; there are plenty of lesser-known businesses hit too. No one is safe: any industry and any sized company can get infected at any time.
Our Recommendations to help stay secure
Get back to basics.
- Take an inventory of all devices authorised and non-authorised. Don’t forget lots of employees use their own personal mobiles in the workplace.
- Prioritise patching. The majority of malware and ransomware takes advantage of known vulnerabilities in operating systems and common applications. Manual patching is time-consuming and not practical. To make it easier for our customers Novi have introduced a new service that identifies and patches known vulnerabilities across devices from a centralised cloud-based service.
- Introduce Layered Protection. WannaCry proved how important it is to compartmentalise networks, so that should devices on one network become infected they don’t threaten all systems.
Novi has implemented internal segmentation firewalls that isolate threats in several customer sites.
- Make data easily recoverable. With ransomware becoming as much (if not more) about sabotage as extortion, backups and local server imaging repositories are now also rendered vulnerable. It is now more important than ever to routinely back up offsite copies of virtual servers that include not only files but also server settings and applications for a full system restore. On-site server images can be compromised, so measures need to be put in place to ensure that data and systems are replicated in the cloud and can be restored from there. Read about Novi AirGap Service here: http://novi.ie/news/novi-launches-new-airgap-data-recovery-service
- Review password policies and implement a Single Sign-On Solution. Single Sign-On allows for centralised identity control and authentication of the user. Implement a service-based two-factor authentication service for ALL business services, as usernames and passwords in isolation can easily be compromised.
Prepared and edited by @EdinaZejnilovic, Journalism Student at DCU