Recently, a new version of NRSMiner was found actively
spreading malware in Asia by either updating existing NRSMiner infections or
spreading to new systems using the EternalBlue exploit. EternalBlue is the
exploit that was stolen by the Shadow Brokers, leaked to the public, and
responsible for the WannaCry and NotPetya outbreaks that crippled businesses in
2017. Today, nearly two years later, it’s still being used to spread malware to
systems that remain unpatched. Total losses resulting from WannaCry alone are
estimated as high as $4 billion, and ransomware remains a prevalent threat.
Patching challenges have often been at fault as more than 57% of successful
breaches can be linked, at some level, to unpatched systems. Unfortunately,
some existing risk and compliance solutions that organizations use to address
endpoint management rely on slow and incomplete legacy architectures. This often
makes it difficult and time intensive to see and locate unpatched or
noncompliant endpoints. And with successful patch compliance sometimes taking
some organizations as long as 90 days to achieve even 80% completeness, it’s
clear patching is a source of many disconnects. IT teams need to be able to act
with speed and confidence. Implementing a low touch, safe, and effective
patching strategy will help you reduce the time spent installing security patches.

Although patching combines a high risk of failure with
a low chance of getting accolades for doing it right, it should not be regarded
as an IT chore. Rather, it should be regarded as a means to remain resilient
against disruptions. Businesses can no longer afford to overlook the scale of
the threats they face. It is essential to align security, risk, and operations
teams to improve visibility and operate with speed. Unifying teams and
processes can also help businesses be agile and effective in the face of
constant growth and change.
That’s why a resilient organization can depend on its
people, processes and technology to quickly adapt to cyberattacks, outages and
other forms of disruption. Unfortunately, our research shows that over 80% of
CIOs and CISOs have admitted to holding off on crucial updates due to concerns
about the impact it might have on business operations. Given that global
cyber-attacks such as WannaCry were catalyzed by poor security hygiene,
organizations need to ensure that they can confidently maintain accurate
real-time endpoint visibility to protect critical assets, monitor impact, and
recover from the unexpected.

To protect against future threats, here are five steps
organizations can take now, to avoid being caught in the next attack:
1. Assess your organizational obstacles: Are your security and IT operations teams working in tandem from a single, actionable data set? If not, where are the areas of friction and how can these be addressed?
2. Know your environment: If you are asked how many total endpoints -- patched or otherwise -- are on your network, can you answer accurately? Will your answer be based on the current state of your dynamic environment, or on information you gathered a week ago?
3. Eliminate fragmentation: The fragmentation of point solutions within IT security and operations teams, created by the implementation of a wide range of tools that are impossible to integrate, has fundamentally broken many organizations. Make your organization more secure by unifying endpoint security functions to reduce the likelihood of a breach and enable rapid response to halt attacks quickly.
4. Declutter your infrastructure: One of the most cited issues throughout the WannaCry incident was the challenge of updating operating systems in an environment laden with legacy apps. If a business is running a critical application which requires keeping an outdated operating system on life support, it’s time to rethink.
5. Educate your employees: By various estimates, up to 83% of ransomware attacks originate when an employee clicks on a malicious link, opens an infected attachment, or visits a compromised website. Investing in ongoing training for employees to protect against phishing attacks should be your first line of defense.
A major security incident at the scale of WannaCry or NotPetya is one of the few events that can irrevocably destabilize a business. As organizations look to build a strong security culture in support of a resilient business, it is crucial that IT operations and security rally around a common set of actionable data for true visibility and control over all of their computing devices. This will enable them to prevent, adapt and rapidly respond in real-time to any technical disruption or cyber threat.

By Chris Hallenbeck, CISO of Americas at Tanium