Cyber-Attacks Are Like The Flu

Cyber-attacks are like the flu, even with an injection, eventually, you are going to get ill. It is always there, lurking, waiting to make your life just that little bit harder.

The same can be said of today’s cyber threats.  They constantly change, with malware vectors ever increasing.

Many companies are lax, leaving doors open, not deleting user accounts of those who have left, ignoring system alerts, not patching servers and endpoints, have weak email controls, allow fileless attacks or bad URLS.

Some can’t afford the time to investigate an attack so need to be proactive about stopping them. Traditional measures such as anti-virus are no longer good enough to meet the speed of change and are often unable to see new vectors, such as fileless attacks. Proactive systems are required which provide visibility, detection, and prevention, along with automatic\manual remediation.

Technology is available to deal with this and can fit across the whole network, servers to endpoints. It looks at what is normal if anything looks abnormal the process is killed immediately. Any Zero-Day attacks are stopped whereas, traditional forms of detection only kick in once the attack signature is known and implemented, which is far too late.

By using technology to detect a threat, and blocking it, prevents its spread and gives the IT team time to investigate in a quarantined environment. Enabling an exploit to run within a controlled environment, such as honeypots, allows deeper understanding of who the attacker is and their goal. This is useful, especially if the attack was targeted at critical assets, such as intellectual property or finance systems.

Another benefit of using technology is that it generally gives the IT department access to specialist security teams run by the vendor, a virtual in-house security operations team if you like, performing many triage functions and bringing special skills to the fore, which would normally not be available within the organisation.

All businesses need to stay ahead of the game, not to find themselves as the weakest link – goodbye!

The way forward is to use an AI-based system that learns the behaviour of the network. Technologies such as SOAR (Security, Orchestration, Automation, and Response) can link many disparate security technologies together, forming a single platform for management and alert. Being AI-driven, it allows the business to automate some functions, such as address blocking or taking a device offline during an attack.

Another approach is to lock down each endpoint as, in general, these are the most vulnerable to attack. If a protected endpoint starts to perform unusual acts, even if they are valid applications but used in an odd way, the device will be ring-fenced and the IT team alerted of the incident. This happens instantly, minimising the spread of the attack and with the intelligence to know other protected devices within the network, communicating the threat vector so that each endpoint protects itself, even before the exploit runs.

Now is the time to start protecting against the unknowns, as even the security vendors can’t always be on their ‘A game’, but you certainly can.

 

Padlock

Insidious Malware And What To Do About It.

Malware is an ongoing headache for IT users and it is a constant race to stay ahead of it.  Recently there has been the storm over the flaw in the Apache Log4J software, which seems to allow hackers to enter code in record-keeping logs, letting them then take control of data.

This vulnerability comes from an open-source programme that is able to record changes to applications.  It is widely used by applications and services across the Internet and consequently, this security loophole is likely to affect us all, individual and corporation alike.

And, the concern now is that it may be able to cause further damage by encrypting or even deleting data.

It is not however the only such vulnerability.  So, what can we do to limit any possible damage, not only from this current exploit but from other forms of malware too?

Firstly, and most importantly, ensure all current patches and updates are installed. Most vulnerabilities are fixed by the vendor in a relatively short period of time, the issue comes from companies not updating the software that enables the new fixes to remove the vulnerability.

Secondly, install malware detection solutions or applications that can stop unknown or unusual processes starting, which could be controlled by malware. Or, remove all active links in emails and/or attachments, so that users cannot click on them without actively thinking. Remember, users are the biggest security threat of all.

Then:

.  Ensure your Internet browser is up to date

.  Do not use pirated software

.  Check your anti-virus is robust

.  NEVER click on suspicious links

And lastly, if you don’t need an application, or are not using it, turn it off!

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email intouch@digitalpathways.co.uk and we’ll be happy to advise you.