[ Friday, April 15, 2016 ]


More Ransomware: Five thoughts that you can tease out of recent articles like this one for dealing with cybersecurity threats:

  1. Old Software.  If possible, stop using old outdated software.  Sometimes you can't help it, because it's the only software that works for what you do, you can't afford to move to a new platform, etc., but if you can update your software, do so.  If you're using Windows XP, you deserve what you get (sorry, but that's the cold hard truth).
  2. Patches.  Whether you're using new or old software, keep your patches updated.  All software has vulnerabilities, since the developers can't think of every possible weakness; that's why Zero Day exploits exist.  Having a vulnerability isn't bad unless it's exploited, and most vulnerabilities won't be exploited on any given day.  But over an unlimited number of days, every vulnerability will be, so you've got to limit the days the vulnerability is open.  Bad patch management is a consistent feature of every ransomware incident I've been involved in.
  3. Connectivity.  Limit connectivity whenever possible.  You can't run your business if your systems can't talk to each other and to the outside world.  The safest website in the world is one nobody can access; it's also the most worthless.  So you need some connectivity; you need some internet-facing computers.  But the more "doors" you have to the outside world, the more you need to protect, and the more that can be exploited.  If you don't think you'll need that door, lock it.  If you're sure you won't need it, brick it over (sort of like the concept of epoxying USB ports to keep employees from plugging in infected flash drives).
  4. Backups.  Have good, usable backups.  This means two things.  First, you need to be generating backup copies of your important data as often as you can, or at least have the ability to recreate any changes made since the last backup.  This may require re-keying data, so consider that when calculating recovery time.  Also, consider retaining older versions of backups, to account for the possibility that the backup you've just made contains compromised data; for example, if an encryption program is already running and you don't know it, you could make a backup copy of encrypted data, which you could then save over the last good version of your data.  Storage is cheap, so if you're doing daily backups, you should also keep a version from the prior week's end, a copy from the prior month's end, etc.  Secondly, make sure those backups are virtually inaccessible.  Again, in recent ransomware cases I'm aware of, the programs look for data files with names like .bac, .bak, or that include the word backup in them.  They will encrypt your backups if they can get to them, so make sure they can't.  If you have the data backed up, even if your files get encrypted, you can recover without paying any ransom by wiping your system clean and re-installing the backup data.
  5. Training.  As Morgan Wright said at your presentation yesterday, training is like bathing, it's not a one-and-done proposition.  But balance it: don't let "alarm fatigue" inflitrate your training efforts and reduce their effectiveness, but train often enough that your staff knows what the problems are, what the current threat vectors are, and what they should be on the lookout for.  

Something to think about. 

Jeff [11:41 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template