J2 Software cautions that the recent cyber-attacks serve to emphasise one brutal fact: every organisation is vulnerable to cybercrime.
John Mc Loughlin, J2 Software MD, notes that recognising this threat and planning to prevent it is the key to mounting a successful response–and visibility is the first line of defence.
“Just a few weeks ago, hackers using the WannaCry software held hundreds of thousands of computers to ransom, among them users from the UK National Health Service, Telefonica in Spain, and Deutsche Bank. More recently, the Fireball malware has infected more than 250-million personal computers, the majority in India,” says Mc Loughlin.
He adds these are just two of the most recent and highest profile incidences of cybercrime, which is growing at an alarming rate.
“Users of ICT–which is virtually everybody on the planet–need to take two important lessons to heart.
“Nobody is immune to these cyber threats. If you have not been hit already, you will be someday – that is a certainty. The volume and sophistication of hacker groups, and the growing availability of automated hacking tools, are indeed cause for concern. And lightning does strike twice or more times in the same place. Some companies are hacked multiple times, with hackers often exploiting the same vulnerabilities–this type of information is shared or sold on the Dark Net.
“Visibility is a vital line of defence. Many organisations or individuals only realise they have been hacked a long time after the fact, when their data has long since disappeared or is encrypted, and the damage is done. Swift response is crucial to minimising the impact of a breach.
“In other words, simply updating a security policy in response to news of an attack is not enough. Of course, the flaws in the security policy and procedure must be attended to, but things cannot be allowed to continue as they always have,” he says.
Mc Loughlin highlights the need for a security policy or audit. “However, audit results are not worth the paper they are written on if they are not complemented by a vigorous and robust monitoring capability. In a world in which the threats are constantly evolving and escalating, and in which the behaviour of users will always be the weakest link, it is imperative that the company has excellent visibility of exactly what is happening on its systems.”
He emphasises that companies cannot protect what you cannot see. “Alternatively, with visibility, you have the ability to respond rapidly, and limit the damage.
“For example, do you know if a piece of malware has been installed on an employee’s machine, which is then transferred to the system? What did User A do with the sensitive financial or customer data he, or she, was working with on their laptop last night at home? Was it moved onto a memory stick, or uploaded to a cloud-share service? These are all actions that might be perfectly innocent, albeit dangerous, or actually calculated malicious actions but the point is that the company needs to know exactly who is accessing its data, and what they are doing with it.”
Mc Loughlin concludes that the truth is that no matter how complex the organisation’s environment is, or how secure they believe it to be, it is likely that it is already compromised, or soon will be. “The time for action is now – that means, planning for the worst, so that when it will – and not if it does – happen – it is detected instantly permitting a company to take control of the situation.”