One valuable lesson we should all learn from last week’s WannaCry ransomware attack is this: once a vulnerability has been discovered, or another organization has been hit with a breach exploiting a vulnerability – the assumption should be that you’re next. Here are five tips to help you prepare for the next major cyberattack.
Check your defenses
Periodic checks of your defense systems are always good practice. But when a red flag appears, take the opportunity to thoroughly check your organization’s security tools to make sure that all are up to date and configured correctly.
Install latest software patches
Last week’s WannaCry ransomware attack exploited a known and documented Windows vulnerability. Microsoft released a patch for this vulnerability back in March, but, as became evident in the first 48 hours of the attack, many companies failed to install it. Patches and updates make both business and security sense. Installing updates is not always simple (we will elaborate on that in one of our future blogs) and companies are sometimes slow in completing the process. One way to compensate for slow (or no) installation of patches is by using simple – yet effective – prevention tools (see tip number five).
Most organizations have a policy requiring periodic password changes. When there is a looming threat, consider enforcing an ad-hoc password change across the entire organization. True – changing passwords would not have prevented or even slowed down WannaCry, but not all threats are created equal, and renewing credentials is simply best-practice security.
Educate your staff
Humans are the weakest link in the security chain. Sadly, your employees are not security experts. WannaCry, like previous virus strains, was not triggered by a malicious insider, but rather by an unsuspecting employee who clicked the wrong email and opened the wrong file. According to the Verizon Breach Investigations Report, almost 25 percent of recipients open phishing emails, and 11 percent open attachments. A major security incident is a good opportunity to make employees aware of the requirement for security and their critical role in protecting the organization.
Install solutions that disarm malware, ransomware and phishing tools
Naturally, the lessons I described above must be reinforced periodically; unfortunately, there is no way to ensure that they are not forgotten. However, there’s a way to make sure that malicious emails – such as the one used in last week’s WannaCry – are stopped, blocked and defused before they even reach your organization. ReSec’s content disarm and reconstruction (CDR) technology was designed to do exactly that. The CDR system, which sits in front of the email system, processes all inbound content, analyzes the email and all attachments, and rebuilds a duplicate email and/or file based on the original format. In doing so, we defeat suspicious elements and guarantee all users receive only clean and trusted content. All this is done seamlessly, without interrupting the user experience, with no latency during file transfer and zero impact on network performance.
CDR is ideal for preventing advanced malware and phishing attacks. Unlike other tools such as anti-virus or sandbox, CDR doesn’t just scan the files for known vulnerabilities, but creates a new, clean file. In doing so, CDR eliminates unknown zero-days or advanced strains that use sophisticated evasion techniques to slip by traditional defenses.
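The disarm-and-rebuild idea described above can be illustrated with a small mail filter. This is an added example, not ReSec's code or product behavior. It assumes a header allowlist, rebuilds only plain-text content, and withholds every attachment format it cannot rebuild; all function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

KEEP_HEADERS = ("From", "To", "Subject", "Date")  # assumption: header allowlist

class _TextOnly(HTMLParser):
    """Collects visible text; markup and script/style bodies are discarded."""
    def __init__(self):
        super().__init__()
        self.chunks, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.chunks.append(data)

def disarm(raw):
    """Rebuild a message from raw bytes; return (clean message, withheld names)."""
    src = message_from_bytes(raw, policy=policy.default)
    out, withheld = EmailMessage(), []
    for name in KEEP_HEADERS:          # every other header is left behind
        if src[name]:
            out[name] = str(src[name])
    body = src.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    if body and body.get_content_subtype() == "html":
        parser = _TextOnly()
        parser.feed(text)
        parser.close()
        text = " ".join(" ".join(parser.chunks).split())
    out.set_content(text)              # new text/plain part, never the original
    for part in src.iter_attachments():
        fname = part.get_filename() or "unnamed"
        if part.get_content_type() == "text/plain":
            out.add_attachment(part.get_content(), filename=fname)  # re-encoded copy
        else:
            withheld.append(fname)     # no rebuilder for this format: not delivered
    return out, withheld

def sample_message():
    """Constructed test input: HTML body with a script, plus two attachments."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Invoice"
    m["X-Mailer"] = "constructed"
    m.set_content("<p>Please see <b>attached</b></p><script>evil()</script>", subtype="html")
    m.add_attachment(b"\xd0\xcf\x11\xe0", maintype="application",
                     subtype="octet-stream", filename="invoice.docm")
    m.add_attachment("meeting notes\n", filename="notes.txt")
    return m.as_bytes()
```

Nothing from the original message is forwarded byte-for-byte: the output is a new message built only from content the filter knows how to regenerate, which is the property that separates rebuilding from scanning.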
The bottom line
Customers using ReSec’s CDR-based system were completely protected from last week’s WannaCry attack. This attack was a warning call. The next attacks will be more lethal and more widespread. However, the main distribution method will still be innocent-looking emails that prey on human weaknesses. ReSec’s CDR is both “user-proof” and “future-proof” as it defeats unknown malware and does not depend on changing user behavior. We may not be able to stop the attack from taking place – but we can certainly prevent it from causing any damage.