By John Flory III
It is time for businesses to play offense against cyber criminals: For the last 200 days the business world has faced unimaginable challenges. These challenges have forced us to stray from our comfort zone, modify our existing tried and true policies as we fought to survive. Going forward we have to anticipate the unexpected and be prepared for anything.
The strength of the American Economy comes from the resilient nature of its’ businesses. Solving for these challenges just makes them stronger.
The speed at which a “work from home” adaptation occurred and the laxing of policies to account for the transition, while closing the doors, has opened an enormous number of windows. While we have been learning how to be “operable”, cyber criminals have been ramping up their capabilities to exploit this new opportunity exposed to them. Where email phishing is still the primary way criminals are stealing from us, their tactics are changing, and we need to take an offensive approach to defending our livelihoods and our homes.
I have spent the better part of the last several months responding to businesses that have been victim to ransomware and assisting them in uncharted waters. The sophistication and execution of these attacks are daunting. It has forced many organizations to pay the ransom to survive. Paying ransom is a slippery slope and never recommended as re-attacks are an unfortunate trend. If you are known as a “payer”, be assured the cyber criminals will be back.
The shift in criminal activity has gone from locking people out and encrypting data, to the stealing all sensitive data first and then encrypting. Criminals are accessing networks through phishing, mailbox takeovers, unpatched systems, etc. This activity is going undetected, because we have forgotten the window is open and the move to “work from home” comes with the expectation of unknown quantities of traffic utilization. The surgical like methodology of; infiltrating, performing the reconnaissance for valuable data , executing the theft of critical information, then removing the backups that allow for recovery followed by the encryption of your data is what leaves these businesses with the decision to become a “payer” or not.
Once encrypted, hackers will show snapshots of your sensitive data (proving they have it) and demand ransom for the encryption keys to decrypt your data. If you do not comply, they will specify what they are going to do with the data, it is methodical and destructive. What follows next is that the hackers will make their identity know. You will need to invest in security forensics specialists to research and explain the track record of the attackers. Help you close the windows and assist in the negotiation. For most this is a surreal experience, negotiating and communicating with criminals.
When organizations ask me how to prevent this from happening to them, I tell them to go on offensive and give the following advice:
• It all starts with a security plan.
• Perform a risk assessment to understand what and where your risk is.
• Have an incident response plan.
• Implement 7x24x365 monitoring on your network, endpoint, and cloud infrastructures.
• Scan and test your systems.
• Enable multifactor authentication and encryption.
• Implement a security awareness program for your staff.
These steps will help keep you and your information safe, while identifying unauthorized access and activity. Monitoring is key as early detection can inform you if someone has unauthorized access before they steal your data. The software only approach to detection, is no longer an effective approach.
“Zero day attacks” are being used every day and this simply means it is a new method of attack that software has never seen, therefore unable to stop. Criminals use these methods to get in and the devastation begins.
Our best offense in ensuring against cyber criminals is having a policy/program with “eyes on glass”, 24/7 monitoring rather than relying on a software’s point in time testing. Understanding your risk will allow you to build the right policy/program for your business with the best tools to defend.
Make cybersecurity a part of your culture and make sure employees play their part. We find that IT departments generally hold about 30% of the organizations overall risk, but ultimately is looked at as having to be 100 percent of the protection. This simply is not effective, having a risk assessment performed will allow you to understand your risks, who owns them, who should be accountable, and what metrics to put in place to measure our success in reducing it.
A very old saying in IT is that “people, process and technology” prevents and solves problems. In the modern cyber world this is just not enough. Businesses and Humans are fallible even on their best days. Building a security conscious first “Culture” is what ultimately is required. It is what will make the execution of the processes, by the people, with the right enabling technologies successful. CPPT (Culture, People, Process, & Technology). The time for offense is now.