The risk of a cyber attack has been an accepted reality of 21st century business life for some time. This prospect is understandably unnerving for many organisations, but much can be done to increase resilience, thereby reducing the impact of any breaches that do occur.
Most organisations run regular backups of their corporate application servers. These can be augmented with automated backups of workstations and laptops (something that often does not happen systematically) to minimise data loss and avoid the need for pay-outs in ransomware attacks, as well as helping with day-to-day issues such as file corruption. This should be reinforced with daily checks to confirm that a full backup has taken place, along with an agreed process to follow should it fail.
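The daily backup check described above, written as an added example (it is not code from the original article). It assumes each backup job writes a small JSON manifest next to its archive recording the job status, finish time, size and SHA-256; the manifest keys, thresholds, file names and sample runs are constructed for illustration. Beyond confirming that a full backup finished recently, it also verifies the archive on disk against the manifest and performs a trial open of the archive, so that a truncated or unreadable backup is escalated rather than silently counted as a success:

```python
"""Daily backup completion check (added example, not the article's own code).

Assumes each backup job writes a JSON manifest alongside its archive.
The manifest keys, thresholds and sample data here are constructed.
"""
import hashlib
import io
import json
import tarfile
from datetime import datetime, timedelta, timezone

MAX_AGE_HOURS = 26  # daily job, with some slack for long-running runs
NOW = datetime(2017, 6, 1, 8, 0, tzinfo=timezone.utc)  # constructed "today"


def build_archive(files: dict) -> bytes:
    """Constructed stand-in for a backup job: pack files into a tar.gz in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def make_manifest(archive: bytes, finished_at: datetime,
                  status: str = "completed", kind: str = "full") -> str:
    """Constructed manifest that the backup job writes next to the archive."""
    return json.dumps({
        "type": kind,
        "status": status,
        "finished_at": finished_at.isoformat(),
        "size_bytes": len(archive),
        "sha256": hashlib.sha256(archive).hexdigest(),
    })


def check_backup(manifest_json: str, archive: bytes, now: datetime = NOW) -> list:
    """Return the list of problems found; an empty list means the check passed."""
    problems = []
    m = json.loads(manifest_json)

    # 1. The job itself must report a completed full backup.
    if m.get("status") != "completed":
        problems.append(f"job status is {m.get('status')!r}")
    if m.get("type") != "full":
        problems.append(f"backup type is {m.get('type')!r}, expected 'full'")

    # 2. It must be recent: a stale manifest means last night's run never happened.
    age = now - datetime.fromisoformat(m["finished_at"])
    if age > timedelta(hours=MAX_AGE_HOURS):
        problems.append(f"backup is {age.total_seconds() / 3600:.0f}h old")

    # 3. The archive on disk must match what the job recorded; this catches
    #    truncated, overwritten or tampered archives.
    if m.get("size_bytes") != len(archive):
        problems.append("archive size differs from manifest")
    if m.get("sha256") != hashlib.sha256(archive).hexdigest():
        problems.append("archive checksum differs from manifest")

    # 4. Trial restore: the archive must open and contain at least one file.
    try:
        with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
            if not any(member.isfile() for member in tar.getmembers()):
                problems.append("archive contains no files")
    except (tarfile.TarError, OSError, EOFError) as exc:
        problems.append(f"archive cannot be read: {exc}")
    return problems


def daily_check(manifest_json: str, archive: bytes, now: datetime = NOW) -> str:
    """'OK' when the backup passed, 'ESCALATE' to hand over to the agreed failure process."""
    return "OK" if not check_backup(manifest_json, archive, now) else "ESCALATE"


# Constructed sample runs: one healthy, one whose archive was truncated, one stale.
GOOD_ARCHIVE = build_archive({"db/app.sql": b"CREATE TABLE t (id INT);\n",
                              "etc/app.conf": b"debug=false\n"})
GOOD_MANIFEST = make_manifest(GOOD_ARCHIVE, NOW - timedelta(hours=6))
TRUNCATED_ARCHIVE = GOOD_ARCHIVE[: len(GOOD_ARCHIVE) // 2]
STALE_MANIFEST = make_manifest(GOOD_ARCHIVE, NOW - timedelta(days=3))

if __name__ == "__main__":
    for label, manifest, archive in [("healthy", GOOD_MANIFEST, GOOD_ARCHIVE),
                                     ("truncated", GOOD_MANIFEST, TRUNCATED_ARCHIVE),
                                     ("stale", STALE_MANIFEST, GOOD_ARCHIVE)]:
        print(f"{label:10s} {daily_check(manifest, archive)} {check_backup(manifest, archive)}")
```

In practice the manifest and archive would be read from the backup target rather than built in memory, and an "ESCALATE" result would feed the ticketing or paging channel named in the agreed failure process; the point of the trial open is that "a backup file exists" is a much weaker claim than "a backup can be restored".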
Breaches arising from lost or stolen laptops can be minimised by making the encryption of hard drives a standard corporate process. This requires users to enter the appropriate PIN to boot up the device before reaching the operating system login, which can only be accessed with a second PIN/password, thereby acting as a form of two-factor authentication.
Data should also be encrypted. Typically, this is done while data is in transit, because it is seen as more vulnerable while being sent, but encryption needs to extend to data in storage, particularly as the EU’s General Data Protection Regulation (GDPR) is looming large on the horizon. Levels of encryption need to reflect the importance of a particular dataset, and the impact of it being accessed by unauthorised parties.
To avoid data files being saved onto laptops or in file shares, Citrix or VM software should be used where possible to centralise data into key hubs that can be protected and controlled more easily. If any single access point, such as a laptop, is infected, the central data store is not compromised, while the laptop can be blocked.
Data can also be segregated, with different layers having different levels of security based on their sensitivity and importance to the business. This means that a breach does not necessarily lead to all information being accessed.
It goes without saying that the security standards for enterprise system builds must be actively enforced. To be truly effective, this needs to be underpinned with a patch management process. Suppliers and researchers continually develop security patches and updates to correct software flaws. If organisations do not apply these patches, they remain exposed to those specific weaknesses until they do.
Automated scanning for both code and configuration vulnerabilities should take place at least once a week.
The more an organisation can learn in advance about any potential attacks on its information systems, the better prepared it will be if they happen, thereby minimising the impact. Undertaking “proactive defence” requires looking at the threats being faced by other enterprises, keeping up to date with developments and discussions in the information security world, and sharing material that could be useful to other organisations in preventing an attack.
It is also important to keep track of developments in the hacking community, to pre-empt as many threats as possible. Organisations with awareness of the potential threats inherently improve their resilience.
Plans and policies
Many ransomware attacks are highly disruptive to business operations. Computers and networks may need to be shut down in order to contain the attack, while systems may need forensic investigation to try to ascertain the origin of the breach and to collect evidence for a potential prosecution.
A disaster recovery plan ensures that business-critical functions are up and running as soon as possible to minimise impact, as well as providing clarity of actions expected from individuals and the organisation as a whole during what is likely to be a challenging period.
Any policy and plan needs to undergo business continuity testing. Simulating a real-life scenario such as a terrorist or denial-of-service attack will test end-to-end capabilities; if that is not feasible, another option is partial enactments of key sections.
Plans should be supplemented with relevant business controls, such as the ability to isolate and quickly quarantine individual machines that are infected, to limit further spread.
Building resilience in advance will help to minimise the impact of a cyber attack. It is also important to remember that many of the options outlined above are both straightforward and constitute good business practice, further building the case for their implementation.