The New York Times wrote an in-depth piece about a hack that used WannaCry ransomware as a diversion. https://t.co/xqMmrwLbPx A lot of these new attacks cannot be detected, and some of the top security tools out there missed them as well. That is why a complete security solution is needed, not just tools. In this situation, fast action by the CISO of the targeted company is the only defense. If this hack stole or deleted documents, a disaster recovery solution would allow for an easy restore of files, folders, corrupted or infected systems, and so on.
A complete security solution includes the following:
- Tools: Firewalls, Backbox Analyzers, endpoint protection, vulnerability scanning and penetration testing
- Maintenance: Regular and consistent patch management, signature/definition updates, firmware updates and network credential audits. Replace old hardware and software via lifecycle management.
- Process and Procedure: Identify critical systems and document a recovery runbook for each system. Constantly update the runbook based upon new threats and practice recovery drills. Create procedures for user creation and file permissions. Avoid at all costs granting administrator rights to anything.
- User Training: Social engineering is still one of the biggest threats to an environment. Keep abreast of the latest spear phishing schemes and inform users. There are training tools and services available that will contact employees to try to socially engineer access to your networks.
- Network Design: The Internet of Things is real and, in many cases, creates a shadow IT organization. Educate implementers of IoT and isolate that network from the business network. If data needs to cross over from the IoT network to the business network, create and leverage a DMZ for data transfer.
- Recovery: New threats that cannot be detected by the tools will get through. Once the threat has been identified and quarantined via tools and runbook procedures, the business of restoration begins. Leverage disaster recovery solutions with business continuity capabilities so you can have the flexibility to deal with the most severe of attacks.
- Vigilance: Finally, human intelligence is very important to staying on top of threats. Frequently monitoring key systems such as firewall logs and Blackbox systems is extremely important to staying ahead of threats or preparing for them.
If this sounds like a full-time job, then you are correct. Call and ask us for affordable packages that can help you protect your business.