On 12th May 2017, unprecedented ransomware attacks swept the globe, exposing the widespread vulnerability of enterprise systems. The virulent ransomware – WannaCry – spread to over 200,000 computers across 150 countries. Some of the most alarming reported instances impacted critical medical and transportation services, leading to disruptions such as the postponement of surgery in the UK, delayed package and parcel deliveries, and blocked public information display systems for trains and transportation systems.
The prime reason WannaCry was so successful in spreading its tentacles on such a wide scale is because of its ability to move across the organisational network without user interaction, by exploiting a known Microsoft Windows vulnerability. Many organisations simply hadn’t patched their systems, leaving them exposed to the threat.
The WannaCry ransomware attack should have served as a wakeup call for every enterprise on how cyber–attacks can impact their operations and revenues. Every day, cybersecurity threats continue to rise and get more sophisticated, with more severe repercussions, but we still see companies approaching cybersecurity in the same way.
In the face of an always-changing landscape of cyber-threats, global enterprises should be formulating and implementing an adaptive and constantly evolving approach towards their security. Here are four steps an organisation should go through to achieve this dynamic cyber defence:
1. Maintain Basic Cybersecurity Hygiene
While most enterprises are focusing on niche security technologies or investing in next–generation security controls, they have de–prioritised the basics of security operations. This includes regular patching and updating systems; educating end users about the threats they face and how to recognise them; limiting access to administrative accounts and continuous vulnerability assessment and corresponding risk mitigation. These are but a few basic best practices, and something that all enterprises should be doing as standard procedure.
2. Proactive & Predictive Threat Monitoring
For enterprises, continuous monitoring and corresponding security protocols help towards proactively defending against threats. To stay on the front foot in the battle against cyber criminals, organisations need to implement security analytics, and utilise the power of machine learning, behavioural analysis and vulnerability modelling to detect and mitigate the threats targeting them before an attack has been executed. Taking this proactive approach to enterprise security will allow companies to take the fight to the bad guys, instead of simply reacting to a breach.
3. Integrate Global Threat Intelligence
Global threat intelligence, integrated with a security monitoring tool, is a great way to gain visibility and actionable insights into the threats that a company faces. With the rise in the number of sophisticated attacks, companies need collaborative threat intelligence platforms that can aggregate information from a variety of sources and intelligence feeds from across the business, instead of having a siloed and fragmented view of the threat landscape.
4. Implement A Holistic Incident Response System
Enterprises need to move away from ‘prevention only’ approaches, to holistic detection and response mechanisms. It is important to have integrated and robust incident response systems, which are automated and orchestrated to stop, contain, eradicate and remediate the impact of future threats. Gartner expects spending on enhancing detection and response capabilities to be a key priority for security buyers through 2020.
To ensure their systems are as secure as possible, enterprises need to renew their focus on these four key capabilities, or they risk the loss of their data, time, money and most importantly, their credibility. The ongoing stream of ransomware attacks prove that protection can never be considered complete and that companies need to be constantly evolving to prepare for the increasingly complicated methods of attack that we are likely to see in the future.
Most modern attacks are a result of lack of awareness and education on the part of users, or simply the organisation failing to go through best practice procedure. In order to create a safer environment, enterprises need to move away from the static security stance we see many adopting today, to a more dynamic one.
However, threats such as ransomware do not always necessitate advanced security toolsets for defence. A proactive and planned threat protection approach, with support throughout the enterprise security journey can help organisations to securely grow their business, while remaining compliant with all the business and regulatory requirements. Cybersecurity leaders need to adapt and evolve against their security challenges to inspire overall business confidence through a more proactive approach. Those companies that don’t can expect a rude awakening when the next major attack hits.