
With the appearance of the ‘WannaCry’ ransomware attack, we are once again faced with the reality of an unprepared and understaffed response to a large-scale malware attack. Private sector companies, both national and international, need to spend the time and money to harden their systems. The need to take a tactical defensive stance increases every day. Firewalls and anti-virus platforms are no longer enough.

If corporations and large-scale business entities are going to survive, they need to budget staff and resources for a defense against threats with the power to shut them down and put them out of business.

How does one harden a system? Take a look inside military and government operations. One place to start is to begin using Security Technical Implementation Guides (STIGs). These are guidelines published by DISA (Defense Information Systems Agency) for configuring servers and information system equipment. Applying them protects a network and brings it into compliance with NIST (National Institute of Standards and Technology) and other government regulations. The next step would be to start monthly, if not weekly, scans for vulnerabilities and to build a patch management system. Companies like Tenable (Nessus) and Tanium offer everything from standalone scanning software to large-scale vulnerability management systems capable of managing global networks. In this age of Everything as a Service (EaaS), there are various options, from Firewall as a Service (FaaS) to variable-scale cyber security offerings such as FireEye’s ‘FireEye as a Service’, which provides a cyber security team that delivers your network security as a service.

Beyond this, there needs to be a review of your policies and how you choose to operate. Application whitelisting (mandatory control of software applications) needs to be considered. One of the most dangerous places on a corporate network is the “Guest” network. Too many times these are wide open and unrestricted. Most corporate guests need to reach email and possibly corporate websites, but to leave this wide open is inviting trouble. A wide-open guest network also gives a threat actor a connection inside your building, so it needs to be properly locked down. Another item to look at is employee access to the internet. While it is nice for employees to use their work computers during lunch to shop, check e-mail on anonymous networks (Gmail, Hotmail, etc.) and generally wander around cyberspace, is it really worth the risk? From social engineering through e-mail to poisoned websites, the possibilities of catching a digital disease are enormous.

Whether it is an attack on the IoT (Internet of Things), such as the ‘Mirai’ malware attack, which used TVs, DVD players and other household items, or the digital kidnapping of the ‘WannaCry’ ransomware attack, this is not going to stop anytime soon. As these attacks grow larger and obtain a global footprint, it is no longer “if” but “when”, and preparation is critical.

Note: All product names and brands are the property of their respective owners.