One user, one e-mail can bring down a company
Ransomware can hit any business, and getting it back up following an attack can depend on taking care of the basics of information security.
This is according to Kudakwashe Charandura, a director for cyber security at SizweNtsalubaGobodoAdvisory.
Speaking at the ITWeb Security Summit in Midrand on Tuesday, Charandura said that WannaCry was an example of the havoc that could be wreaked by neglecting the basics, such as patching.
"Organisations get carried away installing the newest information security technologies, but if they forget the basics, it can take only one user or one e-mail to bring down an organisation," he said.
In the face of an onslaught of new malware and targeted ransomware attacks, Charandura recommended that organisations look to automated patch management systems, and to categorising data to ensure that mission-critical information enjoys top priority. Legacy systems also required stricter controls since they were potentially more vulnerable to attack.
Think across all layers
"Disable insecure network services and applications such as remote desktop protocol if they're not in use. Configure access controls and the firewalls to block all known malicious IP addresses, consider application whitelisting, and possibly logically separate networks to reduce the potential impact of an attack," he suggested.
"Think across all layers. Applications, information, network and end user security. Organisations have to identify high-risk areas and critical assets and build their cyber resilience, addressing those areas first.
"Legacy anti-virus is not designed to prevent the kind of attacks that are taking place now, such as fileless malware attacks," said Charandura. These new attack modes demand additional security measures, such as moving towards behaviour-based security management, in which network anomalies such as the movement of large amounts of data are flagged.
The human element
In addition, the human element has to be addressed. "Never forget the human impact - people remain the weakest link. Organisations need to work on their 'human firewall' through training and continually reinforcing security awareness," he said.
Among the measures he recommended were social engineering assessments to determine how hack-proof staff were, and event-driven tools that set off alerts when employees accessed malicious sites and then sent those employees e-mails warning of the dangers.
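To make the two detection styles discussed above concrete, here is an added example (not code from the talk or the article) that runs over a handful of constructed web-proxy log lines: a signature-style check against a hypothetical blocklist of known-malicious destinations, as in the firewall rules and the alert-on-malicious-site tools mentioned above, and a behaviour-style check that flags a user whose outbound volume is far above the population median, the kind of anomaly Charandura describes. The log format, host names, user names, byte counts and the blocklist are all invented for the example.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample proxy/flow log lines (invented for this example; not from the article).
# Format: <timestamp> <user> <source host> <destination host> <bytes sent>
SAMPLE_LOG = """\
2017-05-23T08:01:12Z alice ws-01 intranet.example.local 1200
2017-05-23T08:02:40Z alice ws-01 www.example.com 8400
2017-05-23T08:03:05Z bob ws-02 intranet.example.local 950
2017-05-23T08:04:51Z bob ws-02 update-srv.badexample.net 310
2017-05-23T08:05:17Z carol ws-03 www.example.com 5600
2017-05-23T08:06:02Z carol ws-03 intranet.example.local 1700
2017-05-23T08:07:33Z dave ws-04 203.0.113.77 734003200
2017-05-23T08:09:10Z dave ws-04 203.0.113.77 1073741824
this line is truncated garbage and is skipped by the parser
"""

# Hypothetical blocklist of known-malicious destinations (the kind of list a firewall is fed).
MALICIOUS_HOSTS = {"update-srv.badexample.net", "198.51.100.23"}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<sent>\d+)$")


def parse_log(text):
    """Yield one event dict per well-formed line; malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["sent"] = int(ev["sent"])
            yield ev


def flag_blocklist_hits(events, blocklist):
    """Signature-style check: any contact with a listed destination is an alert."""
    return [
        {"kind": "blocklist", "user": ev["user"], "src": ev["src"], "dst": ev["dst"],
         "message": f"{ev['user']}: {ev['src']} contacted known-malicious host {ev['dst']}"}
        for ev in events if ev["dst"] in blocklist
    ]


def flag_volume_anomalies(events, factor=10, floor_bytes=100_000_000):
    """Behaviour-style check: a user sending far more than the population median is an alert.

    Both thresholds must hold: total bytes out exceeds `factor` times the median across
    users AND exceeds `floor_bytes`, so a quiet network with a tiny median does not raise
    noise over one ordinary upload.
    """
    totals = defaultdict(int)
    dests = defaultdict(set)
    for ev in events:
        totals[ev["user"]] += ev["sent"]
        dests[ev["user"]].add(ev["dst"])
    if not totals:
        return []
    baseline = median(totals.values())
    alerts = []
    for user, sent in sorted(totals.items()):
        if sent > factor * baseline and sent > floor_bytes:
            targets = ", ".join(sorted(dests[user]))
            alerts.append({
                "kind": "volume", "user": user, "sent": sent, "baseline": baseline,
                "dst": sorted(dests[user]),
                "message": f"{user}: sent {sent} bytes vs. median {baseline:.0f}; review transfers to {targets}",
            })
    return alerts


def analyse(text, blocklist=MALICIOUS_HOSTS, factor=10, floor_bytes=100_000_000):
    """Run both checks over a log text and return all alerts, blocklist hits first."""
    events = list(parse_log(text))
    return flag_blocklist_hits(events, blocklist) + flag_volume_anomalies(events, factor, floor_bytes)


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert["kind"], "-", alert["message"])
```

Running it prints one alert per check: bob's single request to a listed host trips the blocklist, while dave's two large transfers to 203.0.113.77 are caught only by the volume check, since that address is on no list. In production the baseline would be each user's own history rather than a one-day population median, and the `message` field is what an event-driven tool would put in the warning e-mail to the user.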
Despite their best attempts, any organisation still risked being successfully attacked, said Charandura.
"Organisations need to consider, if they do become a victim, how can they continue? It is crucial that organisations define their backup policy as part of their cyber resilience strategy."
He also said that care should be taken not to back up the ransomware along with the organisational data, and suggested that copies of the backed-up data be kept offline.
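One way to take that care is to screen the staging area before a snapshot is committed, refusing the run when the data looks like a ransomware run's output rather than the organisation's files. The following is an added example, not code from the talk or the article, and its heuristics and indicator lists are assumptions for illustration: a hypothetical list of ransom-note file names and appended extensions, a magic-byte check for formats that are legitimately high-entropy (images, archives, Office containers), and a Shannon entropy threshold for everything else. The sample files are constructed in a temporary directory.

```python
import math
import os
import random
import tempfile
from collections import Counter

# All indicators below are assumptions for this example; real ones come from your own threat intel.
RANSOM_NOTE_NAMES = {"readme_decrypt.txt", "how_to_recover_files.html", "!please_read_me!.txt"}
SUSPECT_SUFFIXES = (".locked", ".encrypted", ".wncry", ".crypt")
# Formats that are high-entropy by design: verify their leading bytes instead of measuring entropy.
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".png": b"\x89PNG", ".pdf": b"%PDF",
    ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".gz": b"\x1f\x8b",
}
ENTROPY_THRESHOLD = 7.5   # bits per byte; text and uncompressed office data sit well below this
MIN_SAMPLE = 256          # do not judge entropy on tiny files


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the given bytes; 8.0 is the maximum (uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def screen_file(path: str):
    """Return a reason string if the file looks like ransomware output, else None."""
    name = os.path.basename(path).lower()
    if name in RANSOM_NOTE_NAMES:
        return "ransom note"
    if name.endswith(SUSPECT_SUFFIXES):
        return "suspect extension"
    with open(path, "rb") as fh:
        head = fh.read(65536)
    ext = os.path.splitext(name)[1]
    if ext in MAGIC:
        return None if head.startswith(MAGIC[ext]) else "magic bytes do not match extension"
    if len(head) >= MIN_SAMPLE:
        h = shannon_entropy(head)
        if h > ENTROPY_THRESHOLD:
            return f"high entropy ({h:.2f} bits/byte)"
    return None


def screen_backup_set(root: str):
    """Walk the staging directory; return (clean paths, {flagged path: reason})."""
    clean, flagged = [], {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            reason = screen_file(p)
            if reason:
                flagged[p] = reason
            else:
                clean.append(p)
    return clean, flagged


def should_commit_backup(clean, flagged, max_flagged_ratio=0.02) -> bool:
    """Refuse the snapshot when the flagged share exceeds the tolerance (a few odd files are normal)."""
    total = len(clean) + len(flagged)
    return total == 0 or len(flagged) / total <= max_flagged_ratio


def build_sample_staging_dir(root: str):
    """Constructed files: two legitimate, four that a ransomware run would leave behind."""
    rng = random.Random(7)  # seeded so the example is reproducible
    docs = os.path.join(root, "docs")
    os.makedirs(docs, exist_ok=True)
    samples = {
        "report.txt": b"Quarterly figures were in line with the plan agreed in March. " * 10,
        "photo.jpg": b"\xff\xd8\xff\xe0" + rng.randbytes(4096),   # valid header, compressed body
        "budget.xlsx": rng.randbytes(4096),                        # overwritten in place: no PK header
        "notes.csv": rng.randbytes(4096),                          # overwritten in place: random-looking text
        "invoice.docx.locked": rng.randbytes(4096),                # encrypted and renamed
        "readme_decrypt.txt": b"Your files have been encrypted. Pay to get the key.",
    }
    for fn, data in samples.items():
        with open(os.path.join(docs, fn), "wb") as fh:
            fh.write(data)


def run_demo():
    """Build the sample set, screen it and return (clean names, {flagged name: reason}, commit?)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_staging_dir(root)
        clean, flagged = screen_backup_set(root)
        return (sorted(os.path.basename(p) for p in clean),
                {os.path.basename(p): r for p, r in flagged.items()},
                should_commit_backup(clean, flagged))


if __name__ == "__main__":
    clean, flagged, ok = run_demo()
    print("clean:", clean)
    for name, reason in sorted(flagged.items()):
        print("flagged:", name, "-", reason)
    print("commit snapshot:", ok)
```

The screen does not replace an offline copy; it decides whether the current snapshot is safe to write to one. The thresholds are deliberately conservative, and a real deployment would compare today's flagged ratio against the previous run's rather than a fixed percentage, since a sudden jump is the signal that matters.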