Enterprise security: When new technologies bring new threats

The digital revolution took over the world a few years ago and only now have we begun adjusting to its dynamics. With digital solutions like cloud, analytics and now artificial intelligence speeding up business processes, we can no longer ignore the potential repercussions if they are improperly deployed.

A notable observation is the inadequacy of the existing security paradigm in protecting applications and data against malicious attacks. With this emerging reality, it has become necessary for businesses to re-evaluate their security approach and identify the gaps responsible for exposing sensitive data.

In today’s expanding threat landscape, there are a number of areas organizations should focus on to ensure their security and continued operation:

Re-evaluate your patching strategy
Malicious attacks from unknown sources can easily lead to the downfall of an enterprise, irrespective of its size. Ransomware in particular can considerably harm systems if a patching strategy is not in place or its application is delayed. Organizations should consider not only increasing the frequency of their patching, to ensure the latest patches are being deployed, but also how quickly patches can be applied to the entire network. Patch ..

Revisit your cloud endpoint strategy

According to IDC, 70 per cent of successful breaches begin at the endpoint. Though application-specific security policies, virtualization and containerization can prevent data theft or hacks on endpoint devices like mobiles and laptops, danger continues to loom, especially for endpoints that use cloud technology. An understanding of this risk mandates the development of an end-to-end strategy to safeguard endpoint devices, which can be easy prey for malicious attackers.

Bring inclusivity among stakeholders
While the IT and security teams take up the task of safeguarding software, devices and processes from unwanted external forces, sometimes the problem lies closer to home. Business leaders must turn their attention to their very own employees, their frontline forces. BYOD and flexible working have become the norm across sectors. However, this can be harmful to the company in the event of negligence and lack of clarity with regards ..

Automating the mundane
A report by Cyber Safety and Education highlights that there will be 1.8 million unfilled positions in security by the year 2022. To address this skills gap, organizations can look at automation as an efficient aid, taking over tasks that require limited to no human intervention. The idea is to give employees more time to invest in business development decisions by shortening their to-do list. As AI and ML get smarter, emplo ..

Having said that, what remains clear is that disruptive technologies are progressively becoming an integral part of IT set-ups. Though newer technologies and their advantages are irrefutable, what one cannot forget is that their deployment comes with its own set of threats. Therefore, understanding the risks associated before taking the plunge is crucial. At the end of the day, it all boils down to understanding what your business needs and accordingly re-structuring to ensure continued growth.


5 simple tips to keep your business secure from cyberattacks

According to a recent report by security software firm Symantec, India ranked third among the countries with the highest number of cyber threats detected and second in terms of targeted attacks in the year 2017.

While there is a common myth that cyber attackers are more interested in going after the big fish, a survey by Verizon says that 58% of all cyber attacks are targeted towards SMEs.

Several experts have cited the urgent need for SMEs to secure their online premises; however, many SMEs do not go beyond installing a basic anti-virus solution. Given that the same Symantec report shows how complex cyber attacks (ransomware and network attacks) have increased in India as a share of the global total, SMEs need to implement stronger solutions.

The top five tips that SMEs should follow to secure their online presence:

Robust governance framework: It is essential to define a governance framework for your company’s information systems. A good framework will include an enterprise-wide information security policy, which should encompass internal security priorities and the company’s mission and objectives. Every industry sector has its own laws, policies and regulatory compliance requirements that the internal company policy need ..

Since India does not have a cyber security law, it falls on the companies to create their own framework. A good place to start is the National Institute of Standards and Technology’s cyber security framework, a globally recognised framework.

“It all may sound heavy for SMEs, but unless you have a strong governance framework, it does not matter how much you spend on tech products or solutions. Over the time we have seen it not working because when the company reaches a high altitude, the deeper their drop is,” explains Ashish Thapar, Managing Principal (APAC) at Verizon Enterprise Solutions.

Thapar adds that SMEs can even baseline their framework with ISO 27001, an IT standards management system, which demonstrates that the company is following information security best practices.

Implement strong network security measures: Network security entails managing access to your company’s network and preventing entry by unauthorised persons. This involves putting in place an email gateway filter, a web browsing or proxy gateway filter, and DNS (Domain Name System) security safeguards. DNS bundling attacks are on the rise because DNS underlies almost all internet communication.

Security hardening of systems: Hardening, in computing, means securing a system by reducing its attack surface: the more functions a system performs, the more exposed it becomes and therefore the more vulnerable to possible attacks. SMEs can follow the free, globally used security benchmarks published by organisations like the Center for Internet Security. These benchmarks can be applied to harden existing systems and to ensure that the systems run only those ..

Hardening can be performed on all internet-facing systems, including web servers and network security devices.

“A lot of companies have also invested in technology like Internet of Things (IoT) which falls under operational tech systems and not necessarily, IT but the companies need to do a lot of patching and hardening in here as well,” says Thapar.

Regular log reviews: Regular log reviews are essential to detect suspicious activity as early as possible. Enable adequate logging and ensure logs are reviewed on a regular basis. This gives you visibility into the activity in your internet infrastructure: which system is talking to which, where traffic is flowing, and so on.

“Unless you have a baseline of your typical and usual communication, you will not be able to find out the anomaly. This makes a company entirely dependent on your anti-viruses, which are signature based tech and can only take you so far,” says Thapar.
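The baseline-then-anomaly approach described above, as an added example that is not part of the original article: a small Python script (my code, not Verizon's or the author's) that builds a baseline of which system talks to which from a constructed set of flow-log lines, then reviews a later day's lines and reports pairs never seen before, or known pairs suddenly moving far more data than they ever did. The log format (`timestamp src dst dport proto bytes`), the addresses and the tenfold volume threshold are all assumptions for the demonstration.

```python
from collections import defaultdict

# Constructed flow/firewall log lines for a "known-good" period and for today.
# Assumed format: timestamp src dst dport proto bytes
BASELINE_LOGS = """
2018-03-01T09:00:01 10.0.1.15 10.0.2.5 443 TCP 5120
2018-03-01T09:00:07 10.0.1.15 10.0.2.5 443 TCP 7300
2018-03-01T09:01:12 10.0.1.15 10.0.0.53 53 UDP 120
2018-03-01T09:02:30 10.0.1.22 10.0.2.5 443 TCP 4096
2018-03-01T09:03:44 10.0.1.22 10.0.0.53 53 UDP 98
2018-03-01T09:05:02 10.0.1.15 10.0.3.9 445 TCP 20480
"""

TODAY_LOGS = """
2018-03-02T09:00:03 10.0.1.15 10.0.2.5 443 TCP 6000
2018-03-02T09:00:09 10.0.1.15 10.0.0.53 53 UDP 110
2018-03-02T09:01:15 10.0.1.22 10.0.3.9 445 TCP 1024
2018-03-02T09:01:40 10.0.1.22 10.0.3.9 445 TCP 1024
2018-03-02T09:02:00 10.0.1.15 10.0.3.9 445 TCP 900000
2018-03-02T09:02:20 10.0.1.15 198.51.100.7 8443 TCP 512
"""

VOLUME_FACTOR = 10  # assumed: flag a known pair when one flow is 10x its baseline maximum


def parse_flows(text):
    """Yield (src, dst, dport, bytes) tuples from the assumed log format."""
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines instead of aborting the review
        _ts, src, dst, dport, _proto, nbytes = fields
        yield src, dst, int(dport), int(nbytes)


def build_baseline(text):
    """Map each (src, dst, dport) pair seen in the baseline period to its largest flow."""
    baseline = defaultdict(int)
    for src, dst, dport, nbytes in parse_flows(text):
        key = (src, dst, dport)
        baseline[key] = max(baseline[key], nbytes)
    return dict(baseline)


def find_anomalies(baseline, text):
    """Return (kind, src, dst, dport) for flows that deviate from the baseline.

    kind is 'new-peer' when the pair was never seen in the baseline, or
    'volume' when a known pair moves far more data than it ever did.
    Each pair is reported once per kind, however often it recurs.
    """
    findings, seen = [], set()
    for src, dst, dport, nbytes in parse_flows(text):
        key = (src, dst, dport)
        if key not in baseline:
            kind = "new-peer"
        elif nbytes > VOLUME_FACTOR * baseline[key]:
            kind = "volume"
        else:
            continue  # normal: known pair, usual volume
        finding = (kind,) + key
        if finding not in seen:
            seen.add(finding)
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(build_baseline(BASELINE_LOGS), TODAY_LOGS):
        print(*finding)
```

Run as-is it reports three findings: a workstation talking to a file server it never contacted before, a known pair moving roughly forty times its usual volume, and a brand-new external destination. None of these needs a signature; the baseline is what makes them visible, which is the point Thapar makes above. A real deployment would build the baseline over weeks rather than a single day and would treat the threshold as tunable.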

Two-factor authentication: Having a strong password is the first step to securing your data; however, passwords are of no help against a keylogging attack. A keylogger is used to monitor and record every keystroke typed on a specific computer’s keyboard. In such an attack, the strength of the password becomes irrelevant and it is easy for the attacker to steal your credentials. “Enabling a two-factor authentication helps in mitigating this risk to maximum e ..

It is a must for ensuring the safety of a company’s critical systems and applications.
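Why a second factor blunts a keylogger, shown with a time-based one-time password (TOTP, RFC 6238) in Python. This is an added example and not code from the article or from Verizon; the shared secret is the RFC 4226/6238 test-vector seed, used here only so the values can be checked, and the verifier class, its one-slot drift window and its replay guard are my design choices for the demonstration.

```python
import hashlib
import hmac
import struct
import time

# Constructed shared secret: the RFC 4226/6238 test-vector seed, not a real key.
SHARED_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """HMAC-based one-time password (RFC 4226) for a single counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """Time-based OTP (RFC 6238): the counter is the current 30-second time slot."""
    if at is None:
        at = time.time()
    return hotp(secret, int(at // step), digits)


class TotpVerifier:
    """Server-side check that tolerates small clock drift but refuses reused codes."""

    def __init__(self, secret, step=30, window=1):
        self.secret = secret
        self.step = step
        self.window = window        # accept codes from +/- this many slots
        self.last_counter = -1      # highest slot already consumed by a login

    def verify(self, code, at=None):
        if at is None:
            at = time.time()
        current = int(at // self.step)
        for drift in range(-self.window, self.window + 1):
            slot = current + drift
            if slot <= self.last_counter:
                continue            # replay: a code a keylogger captured is spent
            if hmac.compare_digest(hotp(self.secret, slot), code):
                self.last_counter = slot
                return True
        return False


if __name__ == "__main__":
    now = time.time()
    code = totp(SHARED_SECRET, at=now)
    verifier = TotpVerifier(SHARED_SECRET)
    print("first use accepted:", verifier.verify(code, at=now))
    print("replay accepted:   ", verifier.verify(code, at=now + 5))
```

A keylogger that records the password and the six-digit code still only obtains a value that is valid for one 30-second slot and, with the replay guard, for a single login; the password alone, however well captured, does not pass. The design choice worth noting is the `last_counter` check: without it, a code captured and replayed within the drift window would still be accepted.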

These five tips are most beneficial if implemented at the company’s inception. So, while you are brainstorming on the kind of business you want to get into and its requirements, do not ignore cyber security. “It may be difficult to implement in the design stage, however, the effort of implementing it later only becomes exponentially higher,” warns Thapar.

Seven ways to detect ransomware beyond antivirus

Ransomware is a class of malware that infects systems and locks down data, preventing users from accessing it until a ransom is paid. It can affect individuals and businesses alike, but becomes a critical threat for enterprises dealing with huge amounts of data.

Once you are infected, your data is more or less lost unless backups are available. With threats of this kind, it is better to focus on prevention and detection before it is too late. Because the ransomware threat keeps evolving, a purely signature-oriented approach to detection is ineffective. The new breed of security products needs to be multi-pronged and able to look at multiple dimensions to protect an organization or individual from such attacks.

1. Secure Network Shares
At a basic level, none of the shared folders should grant read/write rights to the “Everyone” group. Malware needs to propagate to maintain stealth and persistence in the network, so it has to find a way to copy files to connected target machines. Ensuring shared folders do not have open-ended permissions can prevent this. Tools that warn you of such violations should be deployed.

2. Regular Analytics on Service Usage
If you are not using a service, it is better to stop it. Unused services are often not monitored and abuse of them tends to go undetected. Malware looks for such gaps and uses them to piggyback and stay hidden. Tools that detect unused services let you decide which ones to stop.

3. Detect Internal C&C Accounts
Malware creates local accounts to conduct its activities stealthily. Once malware controls a local account, its activities appear authorized and an antivirus may not flag them. The solution is to run periodic discovery tools for user accounts across all systems and detect such command-and-control accounts.

4. Actively Detect Rogue Browser Plugins
A common entry point for ransomware is the browser. Often malware is pushed into a system through malicious plugins that users install while browsing. Tools that can continuously scan browsers across network endpoints and force the removal of such plugins are needed.

5. Applying Threat Intel on Outbound Connections
Firewalls, IPS, WAF, NetFlow collectors and proxies are the devices through which your organization’s outbound traffic passes. The need of the hour is a tool that can sift through the outbound data across all of these technologies. Such centralized monitoring of all outbound traffic, combined with the ability to apply threat intelligence on malware sites, IP addresses, C&C and botnet URLs to the outbound traffic ..

6. Scan for Indicators of Compromise
Anti-virus signatures for new malware and variants usually lag behind, and until the signatures are available you are at risk. Some ransomware has no fixed signature at all; it keeps changing to avoid detection. In such a situation, other indicators of compromise (IOCs) should be used to detect the malware: IOC-based scans are needed rather than signature-based scans alone.
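An IOC-based scan of the kind the section calls for, as an added Python example that is not from the article: it walks a directory and matches files against three indicator types (a SHA-256 hash, a dropped-file name and a content pattern) rather than an anti-virus signature. Everything in the indicator set is constructed for the demonstration; the "known bad" bytes, the `README_DECRYPT.txt` name and the note text are placeholders, not real indicators, and the scanned directory is built in a temporary folder so the script runs offline.

```python
import hashlib
import os
import re
import tempfile

# Constructed indicator set. None of these are real IOCs; the hash is derived from
# the constructed sample bytes below so the example is self-contained.
KNOWN_BAD_SAMPLE = b"constructed sample payload - not real malware\n"
IOC_SHA256 = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}
IOC_FILENAMES = {"readme_decrypt.txt"}          # placeholder ransom-note file name
IOC_CONTENT = re.compile(rb"your files have been encrypted", re.IGNORECASE)


def sha256_of(path):
    """Stream the file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_directory(root):
    """Return sorted (relative path, indicator type) pairs for files matching any IOC."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if sha256_of(path) in IOC_SHA256:
                hits.append((rel, "sha256"))
            if name.lower() in IOC_FILENAMES:
                hits.append((rel, "filename"))
            with open(path, "rb") as fh:
                head = fh.read(1 << 16)          # pattern check on the first 64 KiB
            if IOC_CONTENT.search(head):
                hits.append((rel, "content"))
    return sorted(hits)


def build_sample_dir():
    """Create a temp directory of constructed benign and suspicious files."""
    root = tempfile.mkdtemp(prefix="ioc-demo-")
    files = {
        "invoice.pdf.exe": KNOWN_BAD_SAMPLE,                                  # known sample, renamed
        "variant.bin": KNOWN_BAD_SAMPLE.replace(b"payload", b"payl0ad"),      # one byte changed
        "README_DECRYPT.txt": b"All of YOUR FILES HAVE BEEN ENCRYPTED. Read this note.\n",
        "notes.txt": b"quarterly planning notes\n",
    }
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rel, kind in scan_directory(build_sample_dir()):
        print(f"{kind:9s} {rel}")
```

The renamed copy of the known sample is still caught by its hash, but the one-byte variant is not, which is exactly the weakness the section describes: a hash behaves like a signature. The filename and content indicators catch the dropped note regardless of the sample's bytes, which is why an IOC scan should combine several indicator types instead of relying on any single one.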

7. Detect Drive by Downloads
The indicators of a drive-by download are available in proxy, NetFlow and DNS logs. Tools that can analyse such logs to determine patterns or outliers indicating drive-by download behaviour are needed.
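The outbound-traffic checks from point 5 and the drive-by indicators from point 7 above, worked through on a few constructed proxy log lines. This is an added Python example and not tooling from the article: the log format (`timestamp client method url status content-type bytes referrer`), the threat-intelligence feed (RFC 2606 `.invalid` names and an RFC 5737 documentation address), the executable content types and the 30-second page window are all assumptions made for the demonstration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines. Assumed format:
# timestamp client method url status content-type bytes referrer ("-" if none)
PROXY_LOG = """
2018-04-10T10:00:01 10.0.1.15 GET http://news.example/article/42 200 text/html 18234 -
2018-04-10T10:00:02 10.0.1.15 GET http://cdn.news.example/style.css 200 text/css 2010 http://news.example/article/42
2018-04-10T10:00:03 10.0.1.15 GET http://ads.partner.invalid/serve.js 200 application/javascript 3900 http://news.example/article/42
2018-04-10T10:00:04 10.0.1.15 GET http://dl.partner.invalid/update.exe 200 application/x-msdownload 412000 http://ads.partner.invalid/serve.js
2018-04-10T10:05:00 10.0.1.22 GET http://vendor.example/tools/setup.exe 200 application/x-msdownload 950000 http://vendor.example/tools/
2018-04-10T10:06:10 10.0.1.22 GET http://c2.bad.invalid/gate.php 200 text/html 120 -
2018-04-10T10:07:00 10.0.1.30 GET http://203.0.113.9/ping 200 text/plain 10 -
"""

# Constructed threat-intelligence feed (reserved names and addresses, not real indicators).
INTEL = {"domains": {"bad.invalid"}, "ips": {"203.0.113.9"}}

EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec"}
EXECUTABLE_EXTS = (".exe", ".scr", ".msi", ".dll")
PAGE_WINDOW = timedelta(seconds=30)   # assumed: executable must follow a page load this closely


def parse_proxy_log(text):
    """Parse the assumed format into dicts sorted by time; malformed lines are skipped."""
    records = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        ts, client, method, url, status, ctype, nbytes, referrer = fields
        records.append({
            "ts": datetime.fromisoformat(ts),
            "client": client, "method": method, "url": url,
            "host": urlsplit(url).hostname or "",
            "status": int(status), "ctype": ctype.lower(), "bytes": int(nbytes),
            "referrer_host": (urlsplit(referrer).hostname or "") if referrer != "-" else "",
        })
    return sorted(records, key=lambda r: r["ts"])


def matches_intel(host, intel):
    """True if host is a listed IP, a listed domain, or a subdomain of one."""
    if host in intel["ips"]:
        return True
    return any(host == d or host.endswith("." + d) for d in intel["domains"])


def threat_intel_hits(records, intel):
    """Point 5: outbound requests whose destination appears in the intel feed."""
    return [r for r in records if matches_intel(r["host"], intel)]


def is_executable(record):
    path = urlsplit(record["url"]).path.lower()
    return record["ctype"] in EXECUTABLE_TYPES or path.endswith(EXECUTABLE_EXTS)


def drive_by_candidates(records, window=PAGE_WINDOW):
    """Point 7: an executable fetched shortly after a page load, from a host other
    than the one that referred to it. A user deliberately downloading an installer
    from the vendor's own site has a matching referrer and is not reported."""
    findings = []
    for i, r in enumerate(records):
        if not is_executable(r) or r["referrer_host"] == r["host"]:
            continue
        recent_page = any(
            p["client"] == r["client"] and p["ctype"].startswith("text/html")
            and timedelta(0) <= r["ts"] - p["ts"] <= window
            for p in records[:i]
        )
        if recent_page:
            findings.append(r)
    return findings


if __name__ == "__main__":
    recs = parse_proxy_log(PROXY_LOG)
    for r in threat_intel_hits(recs, INTEL):
        print("intel hit  ", r["client"], "->", r["host"])
    for r in drive_by_candidates(recs):
        print("drive-by?  ", r["client"], "->", r["url"])
```

The two checks are deliberately different in nature: the intel match is a lookup that depends entirely on the feed being current, whereas the drive-by heuristic needs no feed at all and flags the sequence of events (page, third-party script, executable from yet another host, all within seconds). The same record structure could be fed from NetFlow or DNS logs with a different parser; the analysis functions do not care where the records came from.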

Conclusion
Ransomware uses new paradigms of stealth that make it difficult to detect. Combating ransomware-type threats needs a multi-dimensional approach that focuses on the factors outlined above. To fight such threats, you will need tools that provide a comprehensive solution across these multiple dimensions.

Guarding the firewall: Ensuring cyber security for small businesses

The India Risk Survey 2017 report ranks ‘Information & Cyber Insecurity’ as the biggest risk facing Indian companies. Indian organizations, both public and private, witnessed over 27,000 security incidents between January and June 2017 alone.

Phishing, scanning/probing, website intrusions and defacements, virus/malicious code, ransomware, Denial of Service attacks and data breaches are some of the ways in which hackers attack business websites, causing operational disruptions and potentially stealing sensitive information. Small and medium businesses (SMBs), unfortunately, have been seeing a rising incidence of cybercrime. In fact, 70 percent of cyberattacks occur at organizations with fewer than 100 employees.

Forewarned is forearmed
In the words of Arne Josefsberg, Chief Information Officer of GoDaddy, “Perhaps the most important thing is to treat security threats seriously and to proactively assess your security measures. Many companies do not take security seriously enough until something bad happens. It is generally a lot more expensive to clean up after a security breach, than addressing it proactively.”

Let’s look at some must-have cyber security measures for SMEs:
Cyber hygiene: Basics still matter and are some of the best defenses against viruses, malware, and other online threats. Assess the assets that are most at risk – data, servers, network – and ensure that the systems are updated with the latest security software, web browser, and operating system. Implement firewall security and run antivirus software after each update.

Cyber security culture: Human vulnerabilities play as important a role as software loopholes. Mandate basic security practices and policies for all employees, such as 2-factor authentication and internet use guidelines, and create and enforce rules on handling and protecting sensitive data. Conduct frequent training to sensitize employees about opening suspicious emails, encrypting their data, using strong passwords on their devices, installing security apps, and limiting activity

Business continuity plans: Ensure regular backup of all critical data – whether stored in-house or on the cloud. Run scheduled attack drills and stress tests to identify vulnerabilities and ensure that data restoration and business continuity are executed as planned.

Cyber insurance: After the WannaCry ransomware incidents, small businesses have learnt the potential harm and legal ramifications of an attack. Consider investing in cyber liability insurance to help cover liabilities arising from theft, loss of data, breach of security and privacy.

Vendor management: With many of a business’s assets either hosted or managed by external service providers – be it your web hosting service or cloud hosting service – working closely with your vendors on a comprehensive plan for risk mitigation is critical. Take the time to understand the vendors’ security certifications, encryption measures, business continuity plans, emergency contact information, etc., to know exactly the level of risk your business is exposed

Constant Vigilance
Even as the boundaries of business assets blur with anytime, anywhere digital access, constant vigilance has to become the mantra of all entrepreneurs and small business owners. Cyber security needs to be brought out of the domain of ‘IT’ and made a strategic focus area, right up there with the growth and development of the core business, to help ensure the long-term stability of the business and its reputation.



Ransomware: Impact and action plan for Indian businesses


In May last year, the world woke up to headlines of mass ransomware attacks impacting countries, individuals and organizations. Investigations identified WannaCry as the culprit, and the proliferation of this ransomware, in a significant number of cases, appeared to have been through a route that most of us tend to overlook: the use of expired or pirated software. WannaCry exploited a vulnerability in a commonly used operating system to spread, which poses a significant risk to businesses and individuals in India, considering the rampant use of expired and/or pirated software.

According to the BSA Global Software Survey 2016, about 58% of software in India is pirated and/or unlicensed. The world average, in comparison, is about 39%. Among organizations, it was found that globally about 25% of software used was unlicensed and this included heavily regulated industries like Banking and Securities. In the past, it has been estimated that at least 65% of victims of all targeted cybercrime attacks, including ransomware, have been small and medium organizations.

India’s experience with Ransomware
Most ransomware encrypts specific file types on an impacted system, and a ransom is demanded before the victim can regain access to these files. In some instances built-in algorithms identify the most recently created files, in others the most frequently accessed ones. WannaCry is different because it moves across a network without human intervention, which is perhaps the reason for the ‘epidemic’-like situation it created.

Prior to WannaCry, there had been several cases of ransomware attacks in India in recent times. Many have gone unreported, and in several cases a “ransom” of over 50 bitcoins has been paid. The results have been mixed: in some instances individuals regained access to their encrypted files, in others the files remain encrypted despite payment of the ransom.

In our experience, a number of individuals, smaller businesses and perhaps some larger organizations in India continue to use versions of the affected operating system that are no longer supported by the publisher. As a result, any inherent vulnerabilities that were undiscovered or unaddressed at the time the publisher discontinued support may continue to exist. Inadequate IT support can also result in critical updates not being applied.

This is further complicated by people using pirated versions of antivirus software, whose virus definitions are not updated, so spyware and other forms of malware go undetected.

The result? Loss of confidential data, increased exposure to further cyberattacks, and an increased cost of battling a ransomware attack.

What can organizations do to prevent ransomware attacks?

Firstly, organizations need to address infrastructural issues. If a business can benefit from the use of technology, then it is important that cyber security is built into the infrastructure, as the cost of addressing a breach can end up being higher than the cost of investing in the right mechanisms to create a line of defense.

This includes purchasing and installing genuine operating systems and office applications, mechanisms to track the release and application of security updates, and internet security software. In addition, depending on the business context, measures such as spam filters and firewalls can also be deployed.

Secondly, it is critical that businesses understand that people continue to be the weakest link against cybercrime. While WannaCry’s dependence on people to self-perpetuate is limited, most other malware, including ransomware, relies on user action to spread.

Employees and other individuals need to be more aware of the dangers that lurk in cyberspace: that no stranger in another country is going to pay you a million dollars, that email attachments that are .exe, .zip or .scr files should generally not be clicked on without checking with the sender, and that one should be wary of emails from unknown addresses whether or not they have attachments or links. Caution should also be exercised when clicking on web links, especially those embedded in emails.

Thirdly, it is critical for businesses of all sizes to have a plan for backing up the information residing on their computer systems. While large organizations tend to invest in automated backup mechanisms, small organizations could do something simpler, such as periodic backups to external hard drives. This would allow access to most files even if a user’s computer is locked down by a ransomware attack.

However, we believe that this action has resulted in cybercriminals being encouraged to repeat such attacks in the future. It is therefore recommended