Originally Posted by rthonpm
Unless the feds are going to take over every corporate network, there's really not a lot they can do beyond setting up a means of reporting, triage, and recovery attempts. I would like to see some degree of punishment for blatantly poor practises, or even fines for paying ransom to recover data. The real issue with any kind of legislation is that it usually ends up being too generic to have any bite, or it becomes so restrictive as to lock processes into rapidly out of date methods.
A lot of these groups are in Russia, but tied to organised crime as opposed to the government. The Putin regime is willing to look the other way due to the fact that the attacks are focused on the West. A case in point: several security researchers have found code in multiple malware samples that prevents the code from executing if the primary language on the computer is Russian or other Cyrillic languages. It's similar to malware instances that won't run if the hardware identifier of the system is a virtual machine, as it may be an attempt by a security researcher to examine the malware.
These types of attacks are relatively cheap and have been going on for years. There's certainly more coverage of them now, but sloppy security has been an issue in tech for years. Even worse, it's not often the fault of IT but rather Finance or management which fails to invest in either enough staff or up to date software/hardware.
Outside of a targeted nation state attack, like Stuxnet, most of these attacks could be prevented by:
Strong passwords
Limiting exposure to the public internet by critical systems
Not using administrator accounts for regular tasks
Not using end of life operating systems or software
Keeping all operating systems and software patched to the current levels
Network segmentation
Not clicking on unsolicited links in emails or websites
Have current and tested offline backups of critical systems and applications
Maintain an inventory of all systems and user accounts as well as their purpose
Document and have a plan for disaster recovery
All of this is easy to do, but in the corporate world it becomes a question of scale: you need the staff to ensure that hundreds to thousands of systems spread over multiple locations and/or time zones are kept up to date and properly managed.
I've been fortunate enough in dealing with small businesses for the most part that if disaster does strike it's easy enough to start over from backups. The one instance with a larger business, I was able to get a professional security firm involved for a full incident response.
Sent from my BlackBerry using Tapatalk
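The locale gate mentioned in the post above, modelled in code as an added example (this is not code from the post or from any of the malware families it refers to). The two Windows calls it reads from, GetUserDefaultUILanguage and GetKeyboardLayoutList, are real; the specific set of language IDs and the abort-on-first-match structure are assumptions for illustration, since each sample tests its own list. The sample machine profiles at the bottom are constructed inputs.

```python
"""
Model of a "do not run on Russian/Cyrillic systems" gate.

Added example, not from the original post. The LANGID table and the check's
structure are illustrative assumptions; real samples differ in which IDs they
test and whether they look at the UI language, the keyboard layouts, or both.
"""
import ctypes
import sys
from typing import List, Optional, Tuple


def primary_langid(langid: int) -> int:
    """Windows PRIMARYLANGID macro: the low 10 bits of a 16-bit LANGID."""
    return langid & 0x3FF


# Primary language IDs for Russian and other locales written in Cyrillic script.
# Assumed illustrative set (full LANGIDs would be e.g. 0x0419 ru-RU, 0x0422 uk-UA).
CYRILLIC_PRIMARY_LANGS = {
    0x19: "Russian",
    0x22: "Ukrainian",
    0x23: "Belarusian",
    0x3F: "Kazakh",
    0x40: "Kyrgyz",
    0x28: "Tajik",
    0x43: "Uzbek",
    0x44: "Tatar",
    0x02: "Bulgarian",
    0x2F: "Macedonian",
    0x50: "Mongolian",
}


def locale_gate_aborts(ui_langid: int, keyboard_layouts: List[int]) -> Optional[str]:
    """
    Return the name of the first matching language if the gate would refuse
    to run, or None if the machine passes.

    ui_langid: LANGID as returned by GetUserDefaultUILanguage().
    keyboard_layouts: HKL values from GetKeyboardLayoutList(); the low word of
    an HKL is the language identifier of that layout.
    """
    candidates = [ui_langid] + [hkl & 0xFFFF for hkl in keyboard_layouts]
    for langid in candidates:
        name = CYRILLIC_PRIMARY_LANGS.get(primary_langid(langid))
        if name is not None:
            return name
    return None


def collect_windows_locale() -> Optional[Tuple[int, List[int]]]:
    """
    Read the live values the gate would inspect. Only works on Windows;
    returns None elsewhere so the module still imports and runs offline.
    """
    if not sys.platform.startswith("win"):
        return None
    kernel32 = ctypes.windll.kernel32
    user32 = ctypes.windll.user32
    ui_langid = kernel32.GetUserDefaultUILanguage() & 0xFFFF
    count = user32.GetKeyboardLayoutList(0, None)  # 0 = just ask for the count
    buf = (ctypes.c_size_t * count)()
    user32.GetKeyboardLayoutList(count, buf)
    return ui_langid, list(buf)


# Constructed machine profiles (not real telemetry): (label, UI LANGID, HKL list).
SAMPLE_MACHINES = [
    ("US workstation, en-US UI, en-US keyboard", 0x0409, [0x04090409]),
    ("US workstation with a ru-RU keyboard layout added", 0x0409, [0x04090409, 0x04190419]),
    ("Ukrainian UI, no layouts enumerated", 0x0422, []),
]


def evaluate_samples() -> List[Optional[str]]:
    """Run the gate over the constructed profiles; used by the demo and tests."""
    return [locale_gate_aborts(ui, layouts) for _, ui, layouts in SAMPLE_MACHINES]


if __name__ == "__main__":
    for (label, _, _), verdict in zip(SAMPLE_MACHINES, evaluate_samples()):
        print(f"{label}: {'abort (' + verdict + ')' if verdict else 'would run'}")
    live = collect_windows_locale()
    if live is not None:
        print("this host:", locale_gate_aborts(*live) or "would run")
```

The point of modelling it this way is that the gate keys off the language ID's primary-language bits rather than the full locale, and off every installed keyboard layout rather than only the active one, which is why a single added layout is enough to trip it in the second constructed profile.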