Next Wave of Ransomware Attacks - Are You Prepared

Published on 13 Jun 2017

by GOsafeonline

This article was adapted from “Next Wave of Ransomware Attacks – Are You Prepared?”, an article by Singtel, an MoU partner of CSA.

The worst of the recent wave of global ransomware attacks is not over. New variants of the malicious software are expected to quickly emerge, and will be very challenging to block out as these variants have different ‘kill switch’ or emergency-stop mechanisms or none at all.

The attacks serve as a wake-up call on how cyber threats such as malicious software (or malware), advance persistent threats (APTs), distributed denial of service (DDoS) attacks and phishing emails should be taken more seriously. It’s not a matter of “if” but “when” it will happen again.

Here are some common questions faced by companies and individuals in the area of cybersecurity:

1. What can I do to improve cybersecurity in my company?

A company should assess its security posture, which refers to its overall security plan or approach to security, from planning to implementation. It includes processes and controls, and considers both internal and external threats.

The first step to improving your company’s security posture is to identify security gaps and assess its cybersecurity level holistically from an inside-out and outside-in perspective, in order to build the most appropriate information security programmes and strategies for your company.

Consider using posture ratings and benchmarking tools for a quantitative, non-intrusive measurement of your company’s security performance. The ratings are objective and indicates the security level over time.

2. How do I test the effectiveness of my company’s security posture?

It is important to keep track of the systems, applications and databases on your network – and their associated vulnerabilities – because you need to know what you are protecting and what you are protecting them from.

Consider vulnerability scanning services on your network-connected assets. Learn how those assets are vulnerable to attack, and understand what can happen if those assets are compromised. Take it further by conducting a penetration test on the real-world effectiveness of your company’s security posture. Hire a CREST-certified or equivalent penetration tester to hack into your network or applications to reveal vulnerabilities and the effects of exploitation that you didn't know existed.

3. How can I enhance my company’s network defence?

Companies should adopt a unified threat management service that consolidates all security technologies to protect perimeter networks such as firewall, web and email gateways.

They should also stop threats, both known and unknown, at every opportunity with advanced, multi-layered threat detection and prevention services, stretching from network to endpoint defence services.

Beyond typical firewall services, they can look out for advanced capabilities to help identify, allow, block or limit the usage of thousands of applications via firewall appliances.

4. How can I ensure that my cybersecurity infrastructure is up to date?

Malware often requires an unpatched vulnerability to work. Hence, you should ensure that your entire environment is updated with the latest security fixes. Vulnerability scans and security testing help companies identify their network-connected assets and learn how those assets are vulnerable to attack.

For a more proactive security stance, you should consider using emerging technologies such as deception technology to deceive and defeat attackers, while having more time to deploy patches and allow your operation to resume to normal.

5. How can I secure my web applications?

Web applications are becoming the hacker’s preferred vectors and can be easily compromised when security is not considered in each phase of the development lifecycle.

Consider applying application security solutions, backed by threat intelligence, to ensure that your applications are tested and reviewed thoroughly. There should be specific guidance that can significantly improve the security of your applications and protect your business.

6. What can I do to improve security on mobile devices and other kinds of endpoint defence?

Endpoint protection solutions have to be comprehensive and easy to deploy at all devices within your company.

Look out for unique capabilities such as real-time endpoint analytics and proactive threat- hunting which continuously monitors in real-time to detect and respond to advanced threats, post-incident detection and forensics analysis. You can also ensure protection on your devices, applications, emails and other data with a host of mobile management services.

7. With the multitude of cyber technologies available, how can I manage the complexities of implementing these technologies if strong in-house IT and security expertise is lacking?

Consider engaging managed security services providers (MSSPs) with deep, global capabilities, and build a robust ecosystem of partners to help you adopt and deploy complex security technologies. These providers can alleviate your sources of strain while amplifying your security posture beyond what your core competencies and existing resources can currently offer.

8. What should I look out for in a trusted managed security services provider (MSSP)?

  • A trusted MSSP should possess capabilities that include:
  • Access to best-of-breed technologies through an ecosystem of industry partners
  • Integrated threat intelligence platforms
  • Global, intelligence-driven Security Operations Centre capabilities
  • Certified professionals/expertise
  • Analytical and forensics capabilities
  • R&D capabilities in developing advanced technologies
  • Awards and accreditation with proven track records

9. Who should be involved in improving my company’s security stance and measures?

Cybersecurity is no longer just an IT issue. Managers, all the way up to the board members, need to take proactive steps to heighten their own cybersecurity awareness, get familiar with some technical jargon to assess strategic and business implications, and take the lead in cybersecurity decision-making.

Having incident response plans and programmes in place is vital to better prepare company boards, management, technology and operational personnel to handle cyber attacks and breaches. The real-world effectiveness of these incident response plans should be tested regularly, and there should be regular audits and assessment of your company’s security posture.

10. How can I introduce cybersecurity in the home too?

Whether at home or at work, every individual plays an important role in mitigating cyber threats and attacks.

As a user, you can apply the following cybersecurity tips:

  • Do not click on suspicious links/attachments in emails. To be sure, verify with the sender.
  • Set strong passwords, and change them regularly.
  • Keep all your software updated – this includes your operating systems, browsers, and other critical software.
  • Protect your mobile devices with solutions such as mobile threat protection.