Five best practices worth repeating in wake of WannaCry attack

With sophisticated network breaches proliferating, businesses can’t afford to let their guard down


In the world of cybersecurity—particularly for small- and midsize businesses—progress tends to be achieved in fits and starts. Rare is the SMB that has the patience and focus to take a methodical approach to improving network security over an extended period.

So when news of the WannaCry outbreak grabbed the mainstream media’s attention recently, fear among SMBs spiked and attention turned to cyber issues. However, just as quickly, the pendulum appears to be swinging back toward complacency for all too many companies.


That shouldn’t be the case. Here are five prominent WannaCry takeaways that businesses of all sizes should pause to consider. These notions hold especially true for SMBs that can’t afford to have their reputations gouged, much less sustain material monetary losses, from a major network breach:

• Patch management. WannaCry took advantage of a vulnerability in Server Message Block, a particular part of the Windows operating system. Microsoft had released a patch back in March, but not everyone had applied it, particularly on older Windows XP systems. You’d have to have a substandard patch management program in place to miss a critical security patch for two months, and those were the companies affected.

All organizations require a robust patch management program. Guidance is available from the National Institute of Standards and Technology, under NIST standards 800-53 and 800-60. And the SANS Institute, a private cybersecurity think tank and training center, has put together helpful pointers in SANS’ Framework for Building a Comprehensive Enterprise Security Patch Management Program.

• Software inventories. WannaCry pummeled organizations using old or pirated versions of the Windows operating system, since those are systems that tend not to be patched automatically. All businesses can reduce their risk by knowing what applications and versions are in their networks. SMBs need to ensure that unauthorized copies of business applications are not present. The good news is that proven applications are available that can inventory the operating systems and business software your company regularly uses.
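The patch-management and software-inventory points above can be checked mechanically against an inventory export. The following is an added example, not part of the original article: the CSV columns, host names, dates and the `audit` function are constructed for illustration, and the 30-day patch window is an assumption.

```python
import csv
import io
from datetime import date

# Constructed inventory export; hosts, columns and dates are illustrative.
INVENTORY_CSV = """host,os,licensed,last_patched
fin-ws-01,Windows 10,yes,2017-04-20
lab-pc-07,Windows XP,yes,2014-03-30
hr-ws-03,Windows 7,yes,2017-02-14
kiosk-02,Windows 7,no,2017-04-12
dev-vm-09,Windows 10,yes,
"""

# Assumption: operating systems that no longer receive automatic patches.
UNSUPPORTED_OS = {"Windows XP"}


def audit(csv_text, patch_released, as_of, max_lag_days=30):
    """Return {host: [findings]} for every host that needs attention."""
    findings = {}
    lag = (as_of - patch_released).days
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        if row["os"].strip() in UNSUPPORTED_OS:
            issues.append("unsupported OS")
        if row["licensed"].strip().lower() != "yes":
            issues.append("unlicensed copy")
        # A blank date means no patch record at all: treat as never patched.
        raw = (row["last_patched"] or "").strip()
        last = date.fromisoformat(raw) if raw else None
        # Last patch cycle predates the critical release, so the fix is absent.
        if (last is None or last < patch_released) and lag > max_lag_days:
            issues.append(f"critical patch missing for {lag} days")
        if issues:
            findings[row["host"]] = issues
    return findings


if __name__ == "__main__":
    # Constructed dates: a patch released in March, audited two months later.
    report = audit(INVENTORY_CSV, date(2017, 3, 15), date(2017, 5, 15))
    for host, issues in sorted(report.items()):
        print(f"{host}: {', '.join(issues)}")
```

Hosts that are current, licensed and on a supported OS are omitted from the report, so an empty result means nothing needs attention.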

• Backup, backup, backup. Want to know the top three ways to beat ransomware? Back up to the cloud. Back up to the cloud. Back up to the cloud. What’s the best way to defeat ransomware if you are uncomfortable backing up to the cloud? Back up somewhere else that is off your network.

Those organizations that had a readily available backup ready to go could simply delete the encrypted files, restore the good backup, sweep their networks for malware, and get back to business. We have seen that process take 15 minutes. There are many providers who will back up your data, usually for under $1,000 per year.

• Consider cloud security. Trusting mission-critical data and processes to a cloud service provider still makes many company decision-makers very nervous. They’ll say: “I don’t want to trust a cloud provider with my data. Those guys get attacked all the time.” While that may be true, the reputable cloud service providers, by now, know what’s at risk and have made the investment in quality defenses.

If you are one of the companies unsure about whether you were patched properly, whether you had good backups, or whether your response plan was going to be effective, then the reputable cloud services providers that deliver these types of services are doing better than you are. It may be time to look into moving functions like email, office automation and customer resource management to the cloud.

• Breach response planning. A good breach response plan would not have prevented infections from WannaCry; but it would have speeded recovery. If everyone in the organization knows where to go and what role to play in getting the network back to normal, expensive downtime can be minimized. A robust breach response plan needs to be in place, tested and accessible to key players.

These notions were true well before WannaCry. And they bear repeating in the aftermath of this landmark, self-spreading ransomware attack. No doubt there will be more lessons to learn, going forward. One thing seems assured: Sophisticated attacks designed to breach business networks indiscriminately are with us to stay.
