Covid-19: Protect your business systems against cyber attacks
With all our energy over the past several weeks focused on adapting to the global crisis, security may have taken a back seat.
But cybercriminals haven’t forgotten.
FortiGuard Labs has monitored the threat landscape during this time and has seen a significant increase in threats targeting individuals through phishing and infected websites.
Email attachments can contain infected and malicious content, which explains why FortiGuard Labs recorded a 131 per cent increase in viruses during March this year.
It also explains why there has been a reduction in traditional attacks as cybercriminals shift focus.
Incidents of ransomware are likely to rise as cybercriminals look to use compromised end-user devices as a conduit back into a core network that may no longer be watched as carefully as it once was.
Those working from home are especially vulnerable in the transition to a digital economy.
Organisations need to take steps now to protect their networks and networked resources from the growing problem of sophisticated ransomware.
While each network environment is different, there are things organisations can implement to reduce their risk from ransomware and other advanced threats.
- Wherever possible, patch and update operating systems, devices, and software. Make this a priority for your remote workers, especially those using personal devices to connect to the corporate network.
- For devices that can’t be patched, ensure that appropriate proximity controls and alerts are in place.
- Make sure that all endpoint devices have advanced security installed, such as anti-exploit and EDR solutions.
- Make sure that access controls, such as multifactor authentication and even Network Access Control solutions, are in place.
- Segment networks into security zones to prevent the spread of infection and tie access controls to dynamic segmentation.
- Use inventory tools and IOC lists to prioritise which assets are at the most risk.
- Update your network IPS signatures, as well as device antivirus and anti-malware tools.
- Back up systems and then store those backups offline, along with any devices and software you may need in the event of a network recovery.
- Make sure that ransomware recovery is part of BCDR, identify a recovery team, run drills, and pre-assign responsibilities so systems can be restored quickly in the event of a successful breach.
- Update email and web security gateways to check and filter email attachments, websites, and files for malware.
- Make sure that CDR (content disarm and recovery) solutions are in place to deactivate malicious attachments.
- Use a sandbox to discover, execute, and analyse new or unrecognised files, documents, or programmes in a safe environment.
- Block advertisements and social media sites that have no business relevance.
- Use zero-trust network access that includes virus assessments so users can’t infect business-critical applications, data or services.
- Use application whitelisting to prevent unauthorised applications from being downloaded or run.
- Use forensic analysis tools to identify where an infection came from and how long it has been in an environment. Ensure it is removed correctly from every device, and ensure it doesn’t come back.
- Plan around the weakest link in a security system.
- Proper tools, such as secure email gateways, can eliminate most if not all phishing emails and malicious attachments.
- Leverage people, technology, and processes to quickly gather threat intelligence about active attacks on your networks and act on it, using automation where possible. This is crucial to stopping an advanced attack in its tracks.
Most organisations should have their remote worker strategy in place.
Now is a perfect time to review the steps outlined above, conduct a thorough review of your security policies, and make necessary adjustments.
Prioritise challenges and work through them one at a time.