By: Pankaj Kamboj
June 19, 2020
How to Protect IT During COVID-19
During COVID-19, cyberattacks have increased by over 40%. Hospital chains are common targets: REvil ransomware, for instance, goes after their unpatched VPN servers. What does this mean? Attackers are leaving no stone unturned and will use any available means to exploit a network, and VPNs are no exception. With the sharp rise in VPN use by home workers, it is essential for every organization to scan for vulnerabilities, fix them by patching proactively, and monitor security events consistently. The security war will not end here. To be prepared to counter and mitigate these attacks, enterprises need to be focused and vigilant in the following areas.
Continuous Vulnerability Scanning: A vulnerability assessment is a recurring exercise and should be performed at least twice a year, because the threat landscape changes rapidly. If the environment is PCI compliant or holds mission-critical data, assessments must be more frequent to keep abreast of adversaries. Many organizations take a proactive approach by scanning their IP ranges monthly or quarterly. Scanning should also be done whenever the infrastructure changes or a new technology is introduced: scan the new device first, then fold it into the regular scanning schedule to avoid surprises later.
Patching: The next, and most crucial, stage is to identify the critical assets, prioritize them according to your organization's standards, CVSS scores, and similar criteria, and then plan the patch following your organization's best practices. A patch must first be tested in a test environment and then, after approval, applied in production. The patch process must also support rollback in case the applied patch does not behave as intended. Most compromises happen because a patch was not applied on time or a machine was left unpatched, resulting in some form of breach. Ransomware attacks such as WannaCry and Petya are the best-known and most formidable examples; they have impacted every industry, with global loss estimates in the range of £6bn.
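The scanning cadence described under Continuous Vulnerability Scanning and the CVSS-plus-criticality prioritization described under Patching are easy to turn into a small triage script. The following is an added example, not code from the article or its author: it flags assets whose last scan is older than their policy interval (monthly for PCI-scoped or critical assets, quarterly otherwise, an assumed policy) and ranks findings into a patch order. The asset names, the placeholder CVE ids, the scores and the weights are all constructed for the illustration; the ranking score is a local ordering value, not a CVSS score.

```python
"""Scan-cadence check and patch prioritization over constructed inventory data."""
from dataclasses import dataclass
from datetime import date

# Assumed policy: scan interval in days by asset criticality. PCI-scoped
# assets are always on the monthly cadence regardless of criticality.
SCAN_INTERVAL_DAYS = {"critical": 30, "high": 30, "medium": 90, "low": 90}

# Assumed weighting of CVSS by how important the asset is to the business.
CRITICALITY_WEIGHT = {"critical": 1.0, "high": 0.8, "medium": 0.5, "low": 0.3}

# Assumed bonus added when a finding is known to be exploited in the wild.
EXPLOITED_BONUS = 2.0


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: str      # one of the keys of CRITICALITY_WEIGHT
    pci_scope: bool
    last_scanned: date


@dataclass(frozen=True)
class Finding:
    asset: str            # Asset.name this finding belongs to
    cve: str              # placeholder identifier, not a real CVE
    cvss: float
    exploited_in_wild: bool


# Constructed inventory; the reference date is the article's publication date.
TODAY = date(2020, 6, 19)
ASSETS = [
    Asset("vpn-gw-01", "critical", False, date(2020, 5, 5)),   # 45 days ago
    Asset("hr-web-02", "medium", False, date(2020, 5, 30)),    # 20 days ago
    Asset("pos-db-03", "high", True, date(2020, 5, 10)),       # 40 days ago
]
FINDINGS = [
    Finding("vpn-gw-01", "CVE-PLACEHOLDER-0001", 9.8, True),
    Finding("hr-web-02", "CVE-PLACEHOLDER-0002", 7.5, False),
    Finding("pos-db-03", "CVE-PLACEHOLDER-0003", 6.5, False),
]


def scan_interval_days(asset: Asset) -> int:
    """Policy interval for one asset: PCI scope forces the monthly cadence."""
    if asset.pci_scope:
        return 30
    return SCAN_INTERVAL_DAYS[asset.criticality]


def overdue_assets(assets: list, today: date) -> list:
    """Names of assets whose last scan is older than their policy interval."""
    late = [a.name for a in assets
            if (today - a.last_scanned).days > scan_interval_days(a)]
    return sorted(late)


def risk_score(finding: Finding, asset: Asset) -> float:
    """Ranking value: CVSS weighted by asset criticality, plus exploit bonus."""
    score = finding.cvss * CRITICALITY_WEIGHT[asset.criticality]
    if finding.exploited_in_wild:
        score += EXPLOITED_BONUS
    return round(score, 2)


def patch_order(findings: list, assets: list) -> list:
    """(asset, cve, score) tuples, highest ranking score first."""
    by_name = {a.name: a for a in assets}
    ranked = [(f.asset, f.cve, risk_score(f, by_name[f.asset])) for f in findings
              if f.asset in by_name]  # findings on unknown assets are dropped
    return sorted(ranked, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    print("overdue for scan:", overdue_assets(ASSETS, TODAY))
    for asset, cve, score in patch_order(FINDINGS, ASSETS):
        print(f"{score:>5}  {asset:<10} {cve}")
```

A finding on an asset that is missing from the inventory is silently dropped here; in a real pipeline that gap should itself be reported, since an unknown asset is exactly the kind of surprise the scanning section warns about.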
Monitoring the assets: One of the biggest challenges in cybersecurity is dealing with the large volume of data: making sense of it by turning raw data into an intelligible format so that companies can derive warning signs of attacks, understand the nature of faults, and provide appropriate reports to stakeholders. The war does not end here, either. It is important to supplement this with behavioral analysis. How do assets normally behave? Are there any signs of command-and-control (C&C) traffic? Is there unusually heavy traffic, which is the most common indicator of compromise? Keep an eye on critical assets through a SIEM tool, review who gets access and what level of access those users are given, know what might potentially attack the system, and build a logical architecture. Time is a critical factor in reducing cyber risk: the longer it takes to respond to an incident, the longer you are exposed. The more raw data that can be turned into intelligence, the more context you have to resolve issues quickly. Building on this knowledge, you will be close to identifying an attacker's motive, opportunity, and means, which helps you build a robust security fortress.
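The two behavioral questions above, whether an asset is sending far more traffic than it normally does and whether it shows signs of C&C, can be checked over flow records with very little code. The following is an added example, not code from the article or a SIEM product: it parses a handful of constructed flow lines, compares each source host's byte total against a constructed per-host baseline using a z-score, and looks for beacon-like connections (a source talking to one destination at near-constant intervals, a common C&C pattern). The log format, the baseline figures, the thresholds and the addresses (documentation ranges) are all assumptions for the illustration.

```python
"""Volume-anomaly and beaconing checks over constructed flow records."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed flow records in a simple key=value format; not real traffic.
FLOW_LOG = """\
2020-06-19T09:00:00 src=10.0.0.5 dst=203.0.113.7 bytes=310
2020-06-19T09:01:00 src=10.0.0.5 dst=203.0.113.7 bytes=305
2020-06-19T09:02:00 src=10.0.0.5 dst=203.0.113.7 bytes=312
2020-06-19T09:03:00 src=10.0.0.5 dst=203.0.113.7 bytes=308
2020-06-19T09:04:00 src=10.0.0.5 dst=203.0.113.7 bytes=311
2020-06-19T09:05:00 src=10.0.0.5 dst=203.0.113.7 bytes=309
2020-06-19T09:00:12 src=10.0.0.9 dst=198.51.100.20 bytes=45000
2020-06-19T09:07:41 src=10.0.0.9 dst=198.51.100.20 bytes=12000
2020-06-19T09:21:05 src=10.0.0.9 dst=198.51.100.20 bytes=800
2020-06-19T09:22:30 src=10.0.0.9 dst=198.51.100.20 bytes=2300
2020-06-19T09:40:10 src=10.0.0.9 dst=198.51.100.20 bytes=9100
2020-06-19T09:15:00 src=10.0.0.12 dst=198.51.100.44 bytes=900000000
this line is deliberately malformed and must be skipped
"""

# Constructed baseline of daily bytes sent per host: (mean, standard deviation).
# In practice this comes from the SIEM's own history for each asset.
BASELINE = {
    "10.0.0.5": (20_000, 5_000),
    "10.0.0.9": (80_000, 20_000),
    "10.0.0.12": (100_000_000, 20_000_000),
}

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) bytes=(\d+)$")


def parse_flows(text: str) -> list:
    """(timestamp, src, dst, bytes) tuples; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst, nbytes = m.groups()
        flows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return flows


def volume_outliers(flows: list, baseline: dict, z_threshold: float = 3.0) -> dict:
    """Hosts whose byte total sits more than z_threshold deviations above baseline.

    Returns {src: z_score}; a host with no baseline maps to None so it is
    surfaced for review rather than silently ignored.
    """
    totals = defaultdict(int)
    for _, src, _, nbytes in flows:
        totals[src] += nbytes
    flagged = {}
    for src, total in totals.items():
        if src not in baseline:
            flagged[src] = None
            continue
        mu, sigma = baseline[src]
        z = (total - mu) / sigma if sigma else float("inf")
        if z > z_threshold:
            flagged[src] = round(z, 2)
    return flagged


def beacon_candidates(flows: list, min_conns: int = 5, max_cv: float = 0.1) -> list:
    """(src, dst, mean_gap_s, cv) for pairs with near-constant connection gaps.

    cv is the coefficient of variation of the inter-connection intervals;
    a value near 0 means the host is calling out on a fixed timer.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in flows:
        by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mu = mean(gaps)
        if mu == 0:
            continue  # all connections at the same instant; not a timer pattern
        cv = pstdev(gaps) / mu
        if cv <= max_cv:
            hits.append((src, dst, round(mu, 1), round(cv, 3)))
    return hits


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    print("volume outliers:", volume_outliers(flows, BASELINE))
    print("beacon candidates:", beacon_candidates(flows))
```

The interval check is deliberately strict (cv of 0.1 or less over at least five connections) so that ordinary browsing, whose gaps vary widely, does not trip it; tune both knobs against the baseline behaviour of each asset class before relying on the output.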
To summarize, these are the basics of protecting and defending an organization against common cyber-attacks. Still, the irony is that even large organizations and Fortune 500 companies tend to forget these fundamentals, fall victim, and end up in the newspaper headlines.