By now, anyone who has turned on a TV or opened a newspaper in recent days has likely heard of the large-scale security onslaught known as WannaCry ransomware. In the unlikely event that you have been living under a rock since May 12, listen up. WannaCry is a global ransomware attack (a targeted exploit where data is stolen, encrypted, and held for ransom) – and it’s spreading like wildfire, with more than 300,000 infections cited so far (we believe that number is likely significantly underestimated).
Unfortunately, WannaCry is only the most recent example of a new wave of modern cyber exploits, and we can be certain it is not the first, nor will it be the last attack of its kind. Why? Because it works. Last year alone, the FBI indicated that ransomware criminals were on pace to eclipse the $1 billion mark in illegal revenue for 2016. This villainous ‘industry’ of modern cyber exploitation is evolving daily, so it has never been more imperative than now for companies to develop a comprehensive and proactive approach to bolstering their security posture against the new era of threats.
To take appropriate steps toward mitigating advanced malware exploits such as WannaCry, I’ve outlined 5 basic questions below that every company should be asking its IT Director.
Side Note: Please give your IT Directors a hug or offer to buy them lunch in the next few weeks. I can assure you that their job is incredibly difficult and it seldom receives the appreciation it deserves. For instance, when was the last time you thanked your IT Director for decreasing latency on your network, or for blocking the millions of harmful emails they do each week? Probably not as recently as it should be, because it seems the only time anyone talks to their IT Director is when ‘bad’ things happen (i.e. how dare they allow that one spam message to get through 3 weeks ago!). So here’s my PSA for the day: Please be kind to your local IT Director – The job is hard, and they do so much for you on a daily basis to keep you safe. 🙂
Top 5 Questions to ask your IT Director in the wake of WannaCry:
1) How do we know our company hasn’t been infected?
Data suggests that nearly half of all companies have already been hit with an advanced malware attack of some kind. In other words, many companies could have a variety of threats hiding under the surface of their environment without even knowing it. One of the best ways to identify any pre-existing exposure to latent threats is to use a vulnerability scanning tool. There are a number of vulnerability scanning technologies on the market today, but a solid IT security vendor should offer this service at NO CHARGE. Did I mention that Barracuda Email Threat Scanner and Barracuda Vulnerability Remediation Service are both offered free of charge?
2) Do our company’s security solutions provide Sandboxing?
Sandboxing is a relatively new feature in the IT industry, so do not assume that it is included with your company’s existing security solutions. As discussed, today’s threats are a new breed of highly evolved attacks, so relying solely on traditional, signature-based defense mechanisms is inadequate against modern cyber threats. The ability to sandbox a threat is vital for one very important reason: remote detonation. In addition to sounding cool, “remote detonation” is crucial to detecting the presence and scope of advanced exploits before they infiltrate your environment. Sandboxing allows you to safely detonate a suspicious sample in isolation and observe the behaviors that would otherwise bypass traditional detection systems. Once observed, the sample can then either be neutralized or deemed non-malicious and passed through to its intended destination.
3) Does our security vendor have a Global Threat Intelligence Network and what do they proactively do with their data to improve our company’s security posture?
Whenever a company is selecting a security vendor, it should ALWAYS care about the extent of the security provider’s Global Threat Intelligence Network and how the data the provider collects will help protect the company. A mature security vendor should have thousands of nodes across the globe that are actively seeing countless new and evolving attacks in real time (this is particularly useful if the data spans more than one – or better yet, all – threat vectors). This real-time visibility into emerging attacks is fundamental to a security vendor’s ability to stay ahead of new “Zero Day” or “Zero Hour” threats that can materialize without notice. The better security vendors will also use this intelligence proactively by aggregating it into some form of real-time research hub, where it can be observed, understood, and ultimately addressed through updated security definitions. Additionally, if a security vendor cares about ensuring that its customers benefit from this intelligence, the resulting real-time security updates and patches should be propagated across all existing customer deployments, so that every solution is equipped with the most up-to-date and proactive security measures available. Minutes and seconds truly matter when dealing with security threats.
4) What is our company doing to educate our employees on how they can personally help prevent falling victim to malicious attacks?
Ever heard of P.E.B.K.A.C? If not, go ask someone in your company’s IT department and they will be happy to enlighten you. “PEBKAC” or “Problem Exists Between Keyboard And Chair” is the common understanding in the IT industry that the hardest variable to solve for in any equation is typically the human who is involved. When it comes to addressing a company’s IT security concerns, this holds true, as a staggering percentage of modern-day attacks rely on social engineering and on manipulating a company’s users into complying with harmful requests. Various types of email spoofing attacks or spear phishing campaigns, for instance, are designed to get an end user to open an unsafe attachment, click on an embedded link, or follow the directions of an impersonator to wire funds or release sensitive data. Because of this, relying on technology alone to defend against modern-day attacks will arguably have limited success unless a company is simultaneously training its users as well. There are several “Security Awareness” trainers in the market; however, the better IT security vendors already offer these services, either on their own or via a partnership they have in place. These training courses can typically be included with the purchase of a solution.
5) Does our company have a Backup and Disaster Recovery Solution?
If a Backup and DR (Disaster Recovery) solution is NOT part of your company’s comprehensive plan for dealing with modern-day cyber attacks, then your company has an incomplete plan. Even in the worst-case scenario of a company falling victim to an attack, especially a ransomware attack such as WannaCry, having a solid backup plan in place can make the difference between recovering with minimal impact without paying a ransom – or losing files altogether. With such a solution in place, if an attacker seizes, encrypts, and holds your company’s data for ransom, multiple copies (backups) of that data will still exist in redundant locations. So, here’s what your company can do if you have a Backup and DR solution and are hit with a ransomware attack: (1) Do NOT pay the ransom; (2) Tell the attacker to go fly a kite; (3) Wipe all systems; (4) Restore all data and systems from the most recent backup; (5) Get back to business.
Of course, I am fortunate enough to work for an industry-leading security and data protection vendor. We pride ourselves on helping customers of all sizes address the best practices outlined in this post (and we are really good at it).
Regardless of whether you turn to Barracuda or another company for assistance, these questions are a good start on your company’s journey to ensure that you do not fall victim to the next wide-scale attack. Good luck, and don’t forget to hug your IT Director.
Chad Lindsey is Director and Chief of Staff, Americas Sales, Barracuda.