WannaCry got execs’ attention. The rest get cybersecurity pros’ attention.
WannaCry made international news, and that’s both a good thing and a bad thing.
The good: It alerted many of the C-level about the power and problems of ransomware.
The bad: Because it happened primarily abroad and so few in the US were affected, many execs may downplay its impact.
What we should all take away from it is that if you’re not being proactive about ransomware, it’s time to work on your security posture.
Here are three things you can start doing today to make sure you don’t end up in a headline.
Tip #1: Get your maintenance hygiene in order with vulnerability and patch management
WannaCry shined a light on how far behind many organizations are with patch management. The patch to fix the issue was released two months ago, and, if in place, the majority of the attacks could have been avoided. When it comes to modern security, new patch updates occur regularly, making it hard to determine when and whether a given patch should be applied. So what should a hygienic patch management process look like?
At minimum start with a plan that looks like this:
- Document – Start by gathering an inventory of your hardware, software and really anything you can think of that helps your business run! Document all processes, vulnerabilities and risks associated with each.
- Test – Once you’ve documented your environment, run a test on every type of platform in the enterprise.
- Backup plan – Before any patch is installed, a full backup of all data and server configuration information must be made.
- Evaluation – Keeping up with the latest updates can be an overwhelming, time-consuming task. Any sane person would want to quickly evaluate which updates are critical, which ones are simply useful and which ones you don’t really have to worry about. SANS cites Gartner as having great requirements for evaluation. Check it out here: https://www.sans.org/reading-room/whitepapers/bestprac/practical-methodology-implementing-patch-management-process-1206
- Roll out – Once the patch has passed your testing, DEPLOY DEPLOY DEPLOY!
- Ongoing management – And don’t forget to keep up with this process: document new processes that work and report your progress.
Self-serving pitch: We help a lot of organizations with patch management. They hire us not because they don’t have the ability on staff to do it, but because we treat it as a top priority. That means patches don’t slip through the cracks. And we have the time to do it the right way. (Contact us if you want us to give you a quote to do patches in your environment.)
Tip #2: Study the threat landscape and anticipate evolving threats
Emerging threats are to be expected. The more technologies that emerge, the more likely those pesky cybercriminals are to creep up in your security line of sight. Look at your landscape: Do you have any security gaps today? If you don’t know, run a pen test. Heck, even run a pen test on things your company might be demo-ing!
There are also proactive products out there at a pretty reasonable rate, depending on where ransomware and malware fit in your priority list.
Self-serving pitch: We not only resell the industry leaders; in many enterprises we treat them as a managed service to monitor, report and remediate issues.
Tip #3: Hidden assets can sneak up on you pretty quickly
It’s just about impossible to patch systems you don’t even know exist. You see this with any threat. It’s all too easy for an attacker to scale attacks against forgotten systems that were lost through inconsistent asset management. To defend yourself, you really need to be in tune with your environment and be on the constant hunt for stuff you forgot about.
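An added example, not from the original article: one way to hunt for forgotten systems is to reconcile the documented inventory (the Document step in Tip #1) against the hosts actually observed on the network. The CSV layouts, host names, addresses and the patch cutoff date are all constructed assumptions.

```python
import csv
import io

# Constructed sample data (not from the original article).
INVENTORY_CSV = """hostname,mac,owner,last_patched
fs01,00:1A:2B:3C:4D:5E,it-ops,2017-05-02
hr-laptop-7,00-1a-2b-3c-4d-5f,hr,2017-01-15
web01,00:1A:2B:3C:4D:60,web-team,2017-04-20
"""
# Hosts observed on the network, e.g. a scan export or DHCP lease dump.
DISCOVERED_CSV = """ip,mac,hostname
10.0.0.10,00:1a:2b:3c:4d:5e,FS01
10.0.0.23,00:1A:2B:3C:4D:5F,hr-laptop-7
10.0.0.77,00:1A:2B:3C:4D:99,
10.0.0.80,00:1a:2b:3c:4d:aa,old-kiosk
"""

def norm_mac(mac):
    """Normalize MAC formatting so 00-1a-.. and 00:1A:.. compare equal."""
    return mac.strip().lower().replace("-", ":")

def load(text):
    """Parse CSV text into a dict keyed by normalized MAC address."""
    return {norm_mac(r["mac"]): r for r in csv.DictReader(io.StringIO(text))}

def reconcile(inventory_csv, discovered_csv, patch_cutoff):
    """Compare documented assets with what is actually on the network.

    Returns three sorted lists:
      unknown  - IPs seen on the network but absent from the inventory
      not_seen - inventoried hosts not observed (stale record or offline)
      overdue  - inventoried, observed hosts last patched before patch_cutoff
    """
    inv, seen = load(inventory_csv), load(discovered_csv)
    unknown = sorted(seen[m]["ip"] for m in seen.keys() - inv.keys())
    not_seen = sorted(inv[m]["hostname"] for m in inv.keys() - seen.keys())
    # ISO dates (YYYY-MM-DD) sort correctly as plain strings.
    overdue = sorted(inv[m]["hostname"] for m in inv.keys() & seen.keys()
                     if inv[m]["last_patched"] < patch_cutoff)
    return unknown, not_seen, overdue

if __name__ == "__main__":
    # The cutoff is a constructed value standing in for a patch release date.
    unknown, not_seen, overdue = reconcile(INVENTORY_CSV, DISCOVERED_CSV, "2017-03-01")
    print("On the network but not in inventory:", unknown)
    print("In inventory but not seen:", not_seen)
    print("Seen but last patched before cutoff:", overdue)
```

Matching on MAC address rather than hostname keeps renamed or unnamed devices from slipping through, though virtual machines and devices behind NAT need a different key.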
As a pro, you know WannaCry is the one that got the headline, not the one that got the most enterprises. We can learn from it, though. The next threat will likely also take advantage of companies that are not keeping up with vulnerabilities.
Information security is one of the core areas of expertise for ASMGi. If you want to set up a phone call or meeting to discuss your areas of concern, we’re here to help.