When I wrote about avoiding the Ryuk ransomware a few days ago, one of the characteristics new to most IT professionals was the idea that the attack would be managed in person by a cyber-attacker. Normally when we think of malware, including ransomware, we think of it spreading using the old computer virus model. But that’s changed.
Modern malware, like new-gen cyber-attacks, rarely spread through an automated wormlike infection, and the reason is that it’s too easy for your anti-malware software to spot its activities, block the malware and quarantine it. This is also the reason why ransomware attacks are in a decline; the basic defenses have become effective enough that most viruslike activities can be stopped.
Yet, cybercrime is getting worse, malware infections are still with us, and data breaches seem to be a daily occurrence. This is happening because many organizations haven’t updated their defenses against cybercrime to match the ever-changing nature of the attackers. In addition, too many IT managers are making do with half-measures when it comes to protecting their IT environment.
Cybercrime Has Grown to State-Sponsored Status
The changes to the nature of the threat are part of the problem. Cybercrime has gone from being the purview of small-time criminals to organized crime and state-sponsored attackers. Sometimes those two types of attackers work together to bring the daunting capabilities of a state-sponsored attack to what would otherwise be a criminal activity.
It used to be that those state-sponsored attacks were deployed against governments or defense contractors, but that’s changed. Now those attackers want information residing in the files of smaller businesses. That information may include office phone lists as well as contact information for vendors and customers—and they also want your money.
While credit-card information is still something that many attackers want, it’s not the primary reason for many attacks these days. Instead, while a cyber-criminal may hold your data for ransom as a way to get hard currency, what they really want is to use your company information as a way to attack the next target up the line. And nowadays, the primary means of attack is through either social engineering or stolen credentials.
To protect yourself, your enterprise needs to stop attackers as they try to enter your systems, but it also needs to assume that some attackers will find a way in and so design your security approach to keep them from getting anything useful once in.
Multilayered Approach Is the Right Way to Go
This means you need to adopt a multilayered approach to security.
Perimeter security: While the firewalls of the past are no longer enough, they’re still essential protection to keep the bad guys from getting into your network. So is physical security of your computing and networking resources. However, you do need to stay up to date, and you need to adopt new practices in these areas when they appear.
Anti-malware products: While no longer enough in themselves, your antivirus, anti-malware, anti-ransomware and intrusion detection/prevention measures are also essential. They’re your next line of defense, and like the other items, you must update them and make sure you’re current on the latest practices.
Security monitoring: Most small and midsized companies don’t have the staff required to monitor their networks for anomalies, so you need to consider engaging a security as a service provider that has the ability and the skill set to look for telltale activities that indicate the presence of cyber-criminals or the actions of malware. One of the best-known providers is Qualys, but there are several others.
Patch management: The primary means of attacking a network directly is by taking advantage of unpatched operating systems, applications or security software. There are plenty of excuses for not patching your systems, but in fact they’re just that—excuses. You can no longer afford to wait months before applying a patch, unless you want to see your name in the headlines reporting a breach.
Network segmentation: Internal firewalls and routers are a must because they can help prevent network intruders from getting access to everything on your network, and they can also help keep malware from spreading. Segmentation also helps provide a check on disgruntled employees who might want to use your data as a way to get their next job.
Filtering: While it’s related to perimeter defenses, filtering your incoming email helps screen out most phishing attacks, and filtering websites helps keep web attacks away from your IT environment.
Encryption: You need to encrypt everything, including stuff you probably don’t think is worth the trouble. The attackers may just need one item of data from you that you might not think is important but that can enable their next attack.
Training: Security awareness training is critical for fighting the social engineering that accompanies phishing emails, CEO attacks and other non-direct attacks, including efforts to get copies of your phone lists and customer files. A company that specializes in such training, such as KnowBe4, can help your staff learn what to do and what to look for.
While I’ve listed eight levels of security that will help your organization, be aware that this list is not exhaustive. Some industries may need protections not listed here, and the security landscape could certainly change by tomorrow. That means you must stay on top of the current threats when they’re emerging.
Yes, it’s a tall assignment, but protecting against crime always is.