Five best practices worth repeating in wake of WannaCry attack
With sophisticated network breaches proliferating, businesses can’t afford to let their guard down
By Eric Hodge, ThirdCertainty
In the world of cybersecurity—particularly for small- and midsize businesses—progress tends to be achieved in fits and starts. Rare is the SMB that has the patience and focus to take a methodical approach to improving network security over an extended period.
So when news of the WannaCry outbreak grabbed the mainstream media’s attention recently, fear among SMBs spiked and attention turned to cyber issues. Just as quickly, however, the pendulum appears to be swinging back toward complacency for all too many companies.
That shouldn’t be the case. Here are five prominent WannaCry takeaways that businesses of all sizes should pause to consider. These notions hold especially true for SMBs that can’t afford to have their reputations gouged, much less sustain material monetary losses, from a major network breach:
• Patch management. WannaCry took advantage of a vulnerability in the Server Message Block protocol, a particular part of the Windows operating system. Microsoft had released a patch back in March, but not everyone had applied it, particularly on older Windows XP systems. You’d have to have a substandard patch management program in place to miss a critical security patch for two months, and those were the companies affected.
All organizations require a robust patch management program. Guidance is available from the National Institute of Standards and Technology, under NIST standards 800–53 and 800–60. And the SANS Institute, a private cybersecurity think tank and training center, has put together helpful pointers in SANS’ Framework for Building a Comprehensive Enterprise Security Patch Management Program.
• Software inventories. WannaCry pummeled organizations using old or pirated versions of the Windows operating system, since those are systems that tend not to be patched automatically. All businesses can reduce their risk by knowing what applications and versions are in their networks. SMBs need to ensure that unauthorized copies of business applications are not present. The good news is that proven applications are available that can inventory the operating systems and business software your company regularly uses.
• Backup, backup, backup. Want to know the top three ways to beat ransomware? Back up to the cloud. Back up to the cloud. Back up to the cloud. What’s the best way to defeat ransomware if you are uncomfortable backing up to the cloud? Back up somewhere else that is off your network.
Those organizations that had a good backup ready to go could simply delete the encrypted files, restore the backup, sweep their networks for malware, and get back to business. We have seen that process take 15 minutes. There are many providers who will back up your data, usually for under $1,000 per year.
• Consider cloud security. Trusting mission critical data and processes to a cloud service provider still makes many company decision-makers very nervous. They’ll say: “I don’t want to trust a cloud provider with my data. Those guys get attacked all the time.” While that may be true, the reputable cloud service providers, by now, know what’s at risk and have made the investment in quality defenses.
If you are one of the companies unsure about whether you were patched properly, whether you had good backups, or whether your response plan was going to be effective, then the reputable cloud services providers that deliver these types of services are doing better than you are. It may be time to look into moving functions like email, office automation and customer resource management to the cloud.
• Breach response planning. A good breach response plan would not have prevented infections from WannaCry, but it would have sped recovery. If everyone in the organization knows where to go and what role to play in getting the network back to normal, expensive downtime can be minimized. A robust breach response plan needs to be in place, tested and accessible to key players.
These notions were true well before WannaCry. And they bear repeating in the aftermath of this landmark, self-spreading ransomware attack. No doubt there will be more lessons to learn, going forward. One thing seems assured: Sophisticated attacks designed to breach business networks indiscriminately are with us to stay.