Warnings about ransomware will likely continue in 2021. Yet a critical component of cyber security is still often overlooked in commentary about the topic.
This often-ignored component is the visibility of IT networks and endpoints – a pillar of IT hygiene.
Slow visibility of endpoints can result in lingering uncertainty about what data was compromised. A delay in determining the damage from an attack can leave people uncertain and exposed, destroying trust in an organisation.
In a time when digital transformation has leapt ahead and working from home has increased, it is no longer acceptable to rely on outdated endpoint management tools, policies and cultures. IT hygiene needs to step into the spotlight.
Ransomware makes a compelling use case for focusing on IT hygiene.
Ransomware often targets organisations with endpoints that expose Remote Desktop Protocol (RDP) to the internet. Automated brute-force attacks using common administrator usernames can provide access to these systems. Once successful, the RDP hosts can be used as a foothold to target the rest of the environment. Even if a victim manages to detect or prevent subsequent stages of the attack, failure to identify and resolve these vulnerable entry-points will leave the network susceptible to re-compromise.
This scenario highlights that most security issues are caused by a basic hygiene failure that could have easily been identified and corrected with the proper network visibility and tools, and simple user education.
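The visibility check this scenario calls for can be sketched as detection logic over logon events. This is an added example, not part of the original article. It assumes simplified event records carrying Windows Security event IDs (4625 failed logon, 4624 successful logon), and the internal address ranges, username list, threshold, hostnames and sample events are all constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this sketch: internal address space, username list, threshold.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
COMMON_ADMIN_NAMES = {"administrator", "admin", "root", "user"}
FAIL_THRESHOLD = 5
FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624  # Windows Security event IDs
REMOTE_LOGON_TYPES = {3, 10}  # 10 = RemoteInteractive (RDP); 3 = Network (RDP with NLA)

def is_external(addr):
    """True when the source address is outside the assumed internal ranges."""
    ip = ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)

def find_exposed_rdp_hosts(events):
    """Return {host: finding} for hosts receiving remote logon brute-force from outside."""
    failures = defaultdict(lambda: defaultdict(int))  # host -> src_ip -> failed count
    successes = defaultdict(set)                      # host -> sources that later logged on
    for ev in events:  # events are assumed to be in time order
        if ev["logon_type"] not in REMOTE_LOGON_TYPES or not is_external(ev["src_ip"]):
            continue
        host, src = ev["host"], ev["src_ip"]
        if ev["event_id"] == FAILED_LOGON and ev["user"].lower() in COMMON_ADMIN_NAMES:
            failures[host][src] += 1
        elif ev["event_id"] == SUCCESSFUL_LOGON and failures[host].get(src, 0) >= FAIL_THRESHOLD:
            successes[host].add(src)  # likely foothold: success after repeated failures
    findings = {}
    for host, by_src in failures.items():
        noisy = {src: n for src, n in by_src.items() if n >= FAIL_THRESHOLD}
        if noisy:  # this host is reachable from outside and is being guessed at
            findings[host] = {"brute_force_sources": noisy,
                              "logon_after_brute_force": sorted(successes[host])}
    return findings

# Constructed sample events (hostnames and documentation-range IPs are made up).
def _ev(event_id, host, src_ip, user, logon_type=10):
    return {"event_id": event_id, "host": host, "src_ip": src_ip,
            "user": user, "logon_type": logon_type}

SAMPLE_EVENTS = (
    [_ev(4625, "fin-ts01", "203.0.113.50", "Administrator") for _ in range(6)]
    + [_ev(4624, "fin-ts01", "203.0.113.50", "Administrator")]
    + [_ev(4625, "web-gw02", "198.51.100.9", "admin", logon_type=3) for _ in range(5)]
    + [_ev(4625, "hr-ws07", "10.1.4.20", "admin") for _ in range(8)]  # internal source
    + [_ev(4625, "dev-vm03", "198.51.100.9", "jsmith")]               # one mistyped password
)

if __name__ == "__main__":
    print(find_exposed_rdp_hosts(SAMPLE_EVENTS))
```

Every host in the result is an internet-reachable entry point that needs closing, whether or not a logon succeeded. An entry under `logon_after_brute_force` marks a host to treat as a possible foothold.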
Five steps you can take now to improve your IT hygiene
Are your security hygiene practices as strong as they can be? Is your organisation ready to withstand the next attack?
Here are five steps your organisation can take now to improve your IT hygiene:
- Assess your organisational obstacles. Are your security and IT ops teams working in tandem? If not, where are the areas of friction and how can these be addressed?
- Know your environment. If your CIO asks how many unpatched devices are on your network, can you answer accurately? Will your answer be based on the current state or on information you gathered a week ago? What about your current cybersecurity solution stack? Is your anti-virus software running and up to date?
- Consider how often legacy processes are holding back the improved capabilities of the technology you use.
- Declutter your infrastructure. One of the oft-cited issues in the WannaCry incident was the challenge of updating operating systems in an environment laden with legacy apps. If you’re running a business-critical application which requires you to keep an outdated OS on life support, it’s time to rethink your vendor relationships.
- Many ransomware attacks are said to originate when an employee clicks on a malicious link, opens an infected attachment, or visits a compromised website. Invest in ongoing training for employees to protect against phishing attacks – they should be your first line of defence.
As the world adapts to remote working, we encourage governments and organisations – especially those that supply to government and potentially put citizen data at risk – to prioritise endpoint visibility and cultural change in their cyber security plans.