Malware use is on the rise, with 323,000 new strains identified per day, according to one industry estimate. Hackers are increasingly offering mass production of malware and tailored cyber criminal services to earn more money and develop techniques that will avoid detection for longer periods of time. While organizations can certainly patch their vulnerable hardware and applications, 99 percent of malware is modified once it’s seen so that it can continue evading security tools across other vulnerable systems, according to Verizon’s 2017 Data Breach Investigations Report.
With the pace of malware evolution, it’s very difficult for businesses to ensure that they’re secure. As a result, malware attacks have caused significant downtime for affected organizations, along with associated damages. The attack on shipping and logistics conglomerate Maersk is one of the most recent examples. According to The Digital Guardian, the company experienced a NotPetya cyber attack that disrupted its critical systems, resulting in an outage that cost $200-300 million in losses, among other consequences. Rather than becoming a victim of malware-induced downtime, it’s time for businesses to take action. Let’s take a closer look at four ways to help protect critical systems from infection and disruptions:
1. Segment Your Assets
A flat network with administrative and critical infrastructures existing on the same plane can be a significant source of security hazards for businesses. CSO Online contributor Tom Olzak noted that in this type of environment, information can flow to and from critical systems with little or no control, and remote attackers can see these vital assets when scanning the network. Organizations must segment their network from the vendor support solutions and other administrative solutions. Regulations even require payment card processing to be separate from internet access and internet-enabled networks. By segmenting some of your most important systems, you can instantly create a much smaller threat surface.
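One way to check a rule set against the segmentation described above, as an added example that is not part of the original article: the script flags allow rules that let vendor, administrative or internet traffic reach critical or payment card zones, including broad "flat" ranges that span several zones. The zone names, CIDRs, policy and sample rules are all constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumption): zone names and CIDRs are illustrative.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ZONES = {
    "critical":   ipaddress.ip_network("10.10.0.0/24"),  # critical systems
    "cardholder": ipaddress.ip_network("10.20.0.0/24"),  # payment card processing
    "admin":      ipaddress.ip_network("10.30.0.0/24"),  # administrative systems
    "vendor":     ipaddress.ip_network("10.40.0.0/24"),  # vendor support access
}
INTERNET = "internet"

# Sample policy (assumption): zone pairs that must not talk directly.
FORBIDDEN = {
    frozenset(("vendor", "critical")),
    frozenset(("admin", "critical")),
    frozenset((INTERNET, "critical")),
    frozenset((INTERNET, "cardholder")),
}

def zones_touched(cidr):
    """Return every zone a CIDR overlaps; broad ranges touch several."""
    net = ipaddress.ip_network(cidr)
    touched = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not net.subnet_of(INTERNAL):
        touched.add(INTERNET)  # range extends beyond the internal space
    return touched

def audit(rules):
    """Map each offending allow rule to the forbidden zone pairs it permits."""
    findings = {}
    for name, src, dst in rules:
        pairs = {
            "<->".join(sorted((s, d)))
            for s in zones_touched(src)
            for d in zones_touched(dst)
            if s != d and frozenset((s, d)) in FORBIDDEN
        }
        if pairs:
            findings[name] = sorted(pairs)
    return findings

# Constructed allow rules: (name, source CIDR, destination CIDR).
SAMPLE_RULES = [
    ("legacy-any-any", "10.0.0.0/8", "10.0.0.0/8"),
    ("pos-updates", "10.20.0.0/24", "0.0.0.0/0"),
    ("vendor-to-admin", "10.40.0.0/24", "10.30.0.16/28"),
    ("vendor-remote", "10.40.0.5/32", "10.10.0.0/24"),
]

if __name__ == "__main__":
    for rule, pairs in audit(SAMPLE_RULES).items():
        print(f"{rule}: permits {', '.join(pairs)}")
```

The `legacy-any-any` rule is the flat-network case: a single broad range quietly permits several forbidden pairs at once.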
2. Enable Patches and Updates
With so many devices and applications active across the network, it can be difficult to ensure that everything is up to date. Nonetheless, updating your assets is critically important to protecting your systems. Organizations that didn’t roll out the patches associated with the WannaCry incident were affected when the ransomware made a second round and when NotPetya’s campaign hit businesses. If organizations had simply installed the patch, they wouldn’t have had to suffer another malware strain that used the same Windows vulnerability.
Applying patches and updates and performing monthly server maintenance is a time-consuming process for IT teams. Rackspace estimated that 10 or more hours a month per server are spent on patches and support-related activities. Since these upgrades are necessary for fixing critical security issues, ignoring them will only cause more problems in the long run. Rather than rely on internal manpower, businesses can rely on auto updaters to schedule necessary maintenance and keep everything current. This will close critical gaps and give back time for strategic IT projects.
3. Prioritize Based on Risk
Business leaders must take a critical look at all of their important systems and gauge the risks for each one individually. Some might not need a quick recovery, while others are essential to bring up right away to minimize operational disruptions and the consequences of downtime. Prioritizing these systems should be rooted in the organization’s value chain. McKinsey & Company recommended focusing on gaining information necessary to make decisions on priority assets.
Particularly high-impact or complex risks will require deeper analysis to direct investment decisions and protect these critical systems appropriately. Leaders should also look at their systems from an attacker’s view to help identify gaps and protect information that will be the most valuable to capable cyber criminals. By prioritizing the most important and highest risk assets first, organizations can help minimize downtime and overall damages caused by malware and other cyber attack techniques.
4. Layered Protective Measures
When considering your critical systems, leaders might reason that endpoint security is the key to blocking threats. However, a majority of malware comes from email and web-based sources. Malware never needs to reach the endpoint level at all if it is dealt with appropriately at the beginning. Endpoint security is a necessary piece of the puzzle, but it’s not a silver bullet for protection efforts. Forbes contributor Chalmers Brown suggested using measures including off-site storage of backups and data, anti-exploit tools, firewalls and active monitoring. By implementing a variety of safeguards like application control, anti-virus and reboot to restore solutions, organizations can facilitate end-to-end protection. This makes it easier to detect and mitigate issues early on and minimize potential damages resulting from malware.
The cost of downtime is rising exponentially, and it’s not just money that organizations will be paying for their security mistakes. Businesses that experience breaches and downtime are more likely to lose customers and will miss critical revenue opportunities. Rather than take this risk, leaders can take action now to mitigate downtime and protect their critical systems. For more information on how to secure your own important assets, contact Faronics today.