Analyzing scenarios - the ominous signs
Cybersecurity threats are growing at an alarming rate, just as terms like ransomware and malware become mainstream.
The recent WannaCry virus attack in mid-May 2017 wreaked havoc as it hit over 200,000 computers worldwide. The virus affected computers in 150 countries across North America, Europe and Asia, and the attack was the largest ransomware delivery campaign to date.
Several Global 2000 enterprises were impacted by the attack, as worldwide reports suggest. In the UK, it led to operations being cancelled and patients being turned away from A&E. The cyber-attack also delayed package deliveries in the US, blocked public information display systems for German trains, and resulted in work stoppages in government offices in Brazil.
This ransomware searches for and encrypts over 170 different file types and demands payment in exchange for unlocking the data.
The primary reason why WannaCry, discovered by the National Security Agency and leaked by hackers, has been successful in infiltrating systems at such a wide scale globally is its ability to spread across the organizational network without user interaction by exploiting a known Microsoft Windows vulnerability, ‘EternalBlue’. WannaCry is currently known to target only unpatched Windows 7 & Windows Server 2008 (or earlier OS) systems, while Windows 10 systems remain unaffected.
The spread of the virus was arrested soon after 'MalwareTech', a Britain-based security researcher, accidentally discovered a ‘kill switch’ to halt the WannaCry attack.
However, the threat is far from over. In fact, on average, organizations suffer two to three focused attacks that breach security each month—attacks they confirmed could take months or even years to detect.
What's happening & what can be done - the need of the hour
The scale of the recent attack has been unprecedented. Perhaps, more than anything else, the ransomware onslaught is a resounding reminder of the criticality of security, especially when it comes to Microsoft product patching.
The likes of WannaCry could have been prevented had there been a sound security architecture in place. Many were affected by the ransomware attacks due to their own failure to maintain their software patching programs. Enterprises that do not invest in preventive and predictive IT solutions are increasingly vulnerable to virus attacks such as WannaCry.
What's required is to embrace an adaptive and evolving approach to security. This includes re-evaluating security processes, practices, policies, platforms, and tools, as well as implementing enterprise-wide employee training and awareness programs, ensuring employees are proactive and insightful enough to detect various types of viruses and phishing emails.
Making response intelligent and flexible - intuitive and evolving
Achieving an adaptive security posture involves three critical steps:
- Assessing their current cybersecurity strategy, enterprises need to validate if the current security environment architecture is in line with their business & IT vision and is scalable enough to defend against future threats
- After strategizing a scalable, future-ready architecture, enterprises must transform their security posture with the help of requisite advanced controls and continuously integrate them in their environment to securely enable business growth
- Firms must ensure continuous monitoring and management of the implemented controls and environment while being supported by robust incident response capabilities either through a full-fledged in-house security operations center or by leveraging the services of a mature managed security services provider
To transform the security capacities, firms need to start by ensuring basic security hygiene. Instead of just focusing on emerging/niche technologies and next-gen security controls, firms must conduct regular patching and updating of operating systems and security software. Additionally, they need to take regular data backups, install advanced anti-malware, control and limit administrative access, and educate the end users through security awareness and training campaigns.
Further, continuous monitoring of the environment is necessary in order to defend against threats. To ensure this, firms must seek to deploy a next-gen security framework which leverages the power of machine learning, behavior analysis, and vulnerability/threat modeling to detect and mitigate the threats targeting an enterprise. Integrating global threat intelligence with a robust security monitoring platform can help bring end-to-end visibility and actionable insights, building up a proactive defense against threats before even encountering them. A collaborative threat intelligence platform can aggregate threat, vulnerability, and social media feeds from multiple sources. Finally, an automated and orchestrated incident response mechanism would help stop, contain, eradicate, and remediate the impact of WannaCry and its variants.
A major area of focus after the recent ransomware attacks is the DR-BC (disaster recovery and business continuity) domain. A DR (Standards) program would allow for data backups and enable firms to easily rebuild attacked systems with little or no additional cost.
On the path to robust protection - the road ahead
With newer security tools and technologies vying to occupy enterprise mindshare, fundamental security best practices and time-tested processes are at times neglected, resulting in a condition of stasis.
An experienced & mature cybersecurity services partner can help the organization grow securely while remaining compliant with business and regulatory requirements.
HCL’s Dynamic Cybersecurity Framework encompasses:
- Strategy Consulting and Architecture Assessments to support security requirements of modern, fast-moving, Cloud, and digital-first businesses
- Transformation of the security posture through implementation & integration of basic and next-gen controls which enhance resiliency
- Efficient Managed Services that rely on highly experienced security experts with their response capabilities augmented by Smart Analytics & Artificial Intelligence.
These are interesting times for the world at large.
While firms are gaining new ground in customer connectivity and product/service quality, emerging pernicious forces are always pushing the boundaries of safety and security. To survive, prosper, deliver, and invigorate enterprise plans and targets, it’s imperative to envision a well-outlined and highly calibrated security framework that's smart, agile, and effective.