Empty cheese shelves in Dutch supermarkets, an inaccessible advertisement planning system of RTL and inhabitants of Twente who cannot apply for care. What do these events have in common? All are the result of ransomware cybercrime attacks. Cybercrime in the Netherlands has increased by 127 percent in 2020 compared to the previous year. For 2021 a similar rise in cybercrime is expected (source: OM). In this insight we explain 7 steps to prevent cyber attacks.
In essence, a victim of a ransomware attack has three options to deal with this crisis: alerting the police, hiring a cybersecurity company to deal with the threat, or meeting the demands of the attacking party. A major downside to the first two options is that they both take time, time which the affected organisation often does not have, as it is unable to operate until the issue has been resolved.
As such, meeting the demands of the attackers and paying up often seems like the fastest way to get your access back and return to operation. Naturally, cyber security agencies recommend not giving in to ransomware demands. Not only do successful attacks incentivise more cybercrime, but it is also uncertain whether the malicious party will keep their word. In addition, you remain vulnerable to a new attack if the root vulnerability is not addressed. Either way, a ransomware attack impacts your organisation financially.
Explainer | Log4j Vulnerability
Software applications and websites typically use logs to capture information on all traffic and use of an application and/or website. Apache Log4j is a Java-based open-source logging framework that is widely used in a range of software applications. The vulnerability allows attackers to inject and execute code in applications that use Log4j. This vulnerability, coined Log4Shell, impacts businesses worldwide, big and small. Basically, any internet-connected computer that runs an unpatched version of the Log4j software is open to attack.
Vulnerability of Small and Medium Sized Enterprises
With the accelerating digitalisation of businesses, the risk of cyberattacks increases as well. Not only small and medium-sized enterprises (SMEs) fall victim to cybercrime; even Apple, Google and Amazon are vulnerable, as the recent Log4j vulnerability showed. This piece of software is used for logging and as such runs on computers all over the world, leaving 80 to 90 percent of all companies worldwide vulnerable to an attack (source: De Volkskrant).
Big companies have cyber security teams in place that actively work on preventing and resolving cyber threats. However, small and medium-sized companies often do not have the resources to set up such a department and/or hire external cyber security experts. Therefore, they are mostly unaware of whether they are vulnerable to a cyber-attack. So the question arises: how do you deal with (the discovery of) such exploits?
Unfortunately, there is no panacea against ransomware attacks. The goal of ransomware is usually financial gain. That is why we recommend protecting your network with defence in depth, so that a malicious person must put in more effort to perform a successful ransomware attack. Criminals weigh the potential profit against the effort, and give up if the attack is likely to take too long in proportion to the expected gain. The old credo, better safe than sorry, applies here. In addition, the following 7 steps can be taken by any organisation to prevent and limit the damage of a cybercrime attack.
7 steps to prevent cyber attacks:
- Create a vendor relationship list
- Test your defensibility against phishing
- Organise vulnerability management and patch management
- Network segmentation
- Limit the possibilities of code execution
- Filter web browser traffic
- Limit USB Usage
Naturally, governmental cybersecurity agencies are keen on helping companies increase their defence against cybercrime. For example, take a look at the following fact sheet on ransomware by the Dutch National Cyber Security Center (NCSC).
1. Vendor relationship list
One of the most important recommendations is to create a vendor relationship list. This list is an inventory of all third-party software used within your organisation. If this list is complete and readily available when a vulnerability comes to light, a quick response is possible. Typically, national governments publish an inventory of affected software when a vulnerability comes to light. By crosschecking all software used in your organisation against this government-provided list, you can quickly discover whether, and how, you are vulnerable to an attack.
The recent Log4j vulnerability showcases how a vendor relationship list can help. When the vulnerability came to light in December, it was hard for companies to make a risk assessment, as the logging framework is ingrained in a wide range of applications. However, the NCSC has published a list of software products that use Log4j and are thus affected by this vulnerability (source: GitHub). By simply crosschecking your vendor relationship list against the information supplied by the government, you quickly see how vulnerable you are and which software needs to be updated or taken offline.
Naturally, it is possible that your organisation uses custom-made software which falls outside the scope of the cyber security agencies' lists. A way to include this in your vendor relationship list is to require the vendor to list all software components and dependencies when delivering the software. This enables you to assess the custom software without the help of the vendor.
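As an added example (not code from the article), the script below automates the crosscheck described above: every entry in a vendor relationship list is matched against a published affected-software list and given a verdict, including a version comparison against the first fixed release. The inventory rows, advisory rows and the column layout (vendor, product, status, fixed_in) are constructed assumptions; a real advisory feed will need its own parsing.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Inventory:
    """One line of the organisation's vendor relationship list (constructed)."""
    vendor: str
    product: str
    version: str


@dataclass(frozen=True)
class Advisory:
    """One row of a published affected-software list (constructed layout)."""
    vendor: str
    product: str
    status: str               # "affected", "not affected" or "under investigation"
    fixed_in: Optional[str]   # first release containing the fix, if known


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.17.0' into (2, 17, 0) so releases compare numerically, not as text."""
    return tuple(int(part) for part in version.split("-")[0].split("."))


def norm(name: str) -> str:
    """Normalise vendor/product names so spelling variants still match."""
    return " ".join(name.lower().split())


def assess(inventory: List[Inventory], advisories: List[Advisory]) -> Dict[Inventory, str]:
    """Map each inventory entry to a verdict: patched, VULNERABLE, not affected, unknown."""
    lookup = {(norm(a.vendor), norm(a.product)): a for a in advisories}
    verdicts: Dict[Inventory, str] = {}
    for item in inventory:
        adv = lookup.get((norm(item.vendor), norm(item.product)))
        if adv is None:
            verdicts[item] = "unknown: not in advisory, ask the vendor for its dependency list"
        elif adv.status == "not affected":
            verdicts[item] = "not affected"
        elif adv.status == "affected" and adv.fixed_in is None:
            verdicts[item] = "VULNERABLE: no fix published, take offline or mitigate"
        elif adv.status == "affected" and parse_version(item.version) < parse_version(adv.fixed_in):
            verdicts[item] = f"VULNERABLE: update to {adv.fixed_in} or later"
        elif adv.status == "affected":
            verdicts[item] = "patched"
        else:
            verdicts[item] = f"{adv.status}: monitor the advisory"
    return verdicts


# Constructed sample data; vendors, products and versions are fictitious.
INVENTORY = [Inventory("ExampleCorp", "LogViewer", "2.14.1"), Inventory("ExampleCorp", "LogViewer", "2.17.0"),
             Inventory("Acme", "Inventory Tool", "1.2"), Inventory("Globex", "Reporter", "3.0")]
ADVISORIES = [Advisory("ExampleCorp", "LogViewer", "affected", "2.17.0"),
              Advisory("Acme", "inventory  tool", "not affected", None),
              Advisory("Initech", "Scheduler", "under investigation", None)]

if __name__ == "__main__":
    for entry, verdict in assess(INVENTORY, ADVISORIES).items():
        print(f"{entry.vendor} {entry.product} {entry.version}: {verdict}")
```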
2. Defensibility against phishing
Phishing is a type of social engineering in which the goal is to steal user data. The most common form of phishing is through fake emails. Defence against phishing consists of a combination of training employees to recognise phishing attempts, setting up a clear process for reporting malicious emails, and technical measures such as spam filtering.
3. Vulnerability management, patch management
One of the most important measures against vulnerabilities in operating systems, web browsers and applications is keeping your software up to date. Software updates often contain patches that protect the software against known vulnerabilities. Therefore, managing your updates and making sure that all available updates are applied in a timely manner is an important step in your defence against cybercrime.
4. Network segmentation
By dividing your network into functional segments you set up an additional layer of security. User access can be restricted to only the segments that are needed. Limiting traffic between segments to trusted traffic only, and setting up proper password management and Multi-Factor Authentication, further hinders malicious intent.
5. Limit the possibilities of code execution
Another action to strengthen the digital defences of your organisation is to disable macros within your systems. A macro is an automated input sequence that imitates keystrokes or mouse actions. It is typically used to replace a repetitive series of keyboard and mouse actions. This automated characteristic makes macros not only commonly used in spreadsheet and word processing applications like MS Excel and MS Word, but also one of the preferred attack methods for hackers.
6. Filter web browser traffic
Use a proxy for your outbound web traffic. A proxy is a programmable gateway between users and the internet. Installing such a server therefore allows you to blacklist known malicious websites, making them inaccessible for your employees to visit.
7. Limit USB Usage
The internet is not the only gateway to your secure data. Initial entry is also possible by plugging in an infected USB flash drive. Therefore, only allow approved USB storage devices and limit the number of users who need this kind of storage.
Despite the rising cybercrime rate and the potential negative financial impact, most small and medium-sized enterprises are easy prey for cybercriminals. Hackers can use malicious software to affect any organisation that has not taken the right measures. Therefore, it is crucial to reinforce your defensive systems by preventing a possible breach and limiting the impact of a cyberattack. By doing so, hacking your organisation becomes an unprofitable, time-consuming activity too expensive to undertake.
Would you like to know more about preventing and/or limiting the impact of potential breaches for your organisation by cyber-attacks? Or would you like to have a (digital) chat about a specific challenge? We would be delighted to tell you more about our experiences and how we can help your organisation. Please contact Casper Rutjes (CTO) at firstname.lastname@example.org, or check our contact page.