WannaCry Ransomware: 5 Tips To Stay Guarded

by Priyanka Pugaokar    May 30, 2017


After the major outbreak of the WannaCry ransomware attack, organizations worldwide are evaluating their security architecture for loopholes. While there are several reasons why organizations fell victim to WannaCry, the most critical were an underestimation of cybercrime syndicates and a lack of awareness about regularly patching IT systems against the latest vulnerabilities. The SMBv1 flaw that WannaCry exploited had been patched by Microsoft (MS17-010) about two months before the outbreak; the worm only spread to hosts that had not applied the patch or that still ran unsupported Windows versions.

This incident highlighted the need for cybersecurity controls that protect organizations from vulnerabilities they did not know existed. It is therefore high time to identify the network and security gaps that are putting the organization at risk. Attackers are targeting organizations around the world across myriad industry segments and businesses of virtually every size, and conventional security approaches are not sufficient to mitigate the risk of ransomware attacks.

Advanced models using next-generation firewalls, layered security, and proactive threat intelligence are a requisite today. Similarly, CISOs and cybersecurity teams need to deepen their engagement and review their strategies and operational posture. Here is a list of five critical security measures that every organization should have in place to thwart sophisticated cyber threats.

#1. Set up Incident Response Team (IRT)

Internal confusion within teams often delays the response to a cyberattack, causing potential loss to the organization. It is therefore essential to establish an incident response team with clearly defined roles and responsibilities assigned to its members. The team should also clearly understand its lines of communication and chain of command. Most importantly, it needs to be intimately familiar with business and communications processes and priorities. Organizations should also run drills to identify gaps in the process and ensure the IRT is efficient and well equipped to respond to cyberattacks in real time. For a self-propagating ransomware worm, the playbook should state in advance who is authorized to isolate affected hosts and network segments, because that decision has to be taken within minutes of the first alert, not after a meeting.

#2. Limit Bad Consequences

Security planning needs to start with an analysis of the architecture with an eye toward engineering out the bad consequences. More generally, consequence-based engineering involves understanding your key assets, determining what sorts of threats your organization is most vulnerable to (such as remote access denial, corrupted applications or data, or key IT or operational assets being rendered unavailable) and engineering as much of that risk out by design, to eliminate or minimize the potential for such consequences if a threat is realized. For ransomware, this means network segmentation so that one infected workstation cannot reach every file share, and least-privilege access so that a compromised user account cannot encrypt data it never needed to write.

#3. Maintain Good Security Hygiene

Good security hygiene can thwart cyberattacks of any intensity. Organizations should establish and maintain a formal patching and updating protocol. In addition, a process needs to be implemented to identify and either replace, isolate or take offline those systems that cannot be patched. Cybercriminals often distribute fake email messages mimicking notifications from an online store or a bank, luring a user to click a malicious link and so distributing malware. With that in mind, companies need to fine-tune their antispam settings, and users should never open attachments sent by an unknown sender. Note, however, that WannaCry needed no user interaction at all: it spread directly over SMB to unpatched hosts, so attachment discipline alone would not have stopped it. Applying MS17-010, disabling SMBv1, and blocking inbound SMB (TCP port 445) at the perimeter would have.

Systems belonging to government offices and BFSI (banking, financial services and insurance) companies are particularly important to secure, as they often handle very sensitive information, perform critical tasks, and are part of large networks. Such entities should always know which types of data they need to protect and what degree of technology-based protection those data require, and they should conduct periodic reviews to stay current with the latest best practices and techniques. Ensuring that an appropriate mix of well-trained people, best-practice-driven processes, and proven security technology is in place is critical in every sector.

#4. Signature-based & Behavior-based Detection Tools

Protect the network by creating and using signatures. While new attacks are a real risk, most breaches are actually caused by attacks that have been around for weeks, months, or sometimes even years. Signature-based detection tools allow the company to quickly block execution of a known attempted infiltration. Behaviour-based security tools complement them: they can look for covert command-and-control traffic, identify inappropriate or unexpected traffic or device behaviour, detect zero-day variants by detonating suspicious files in a sandbox, and correlate data to identify and respond to advanced threats. The two approaches catch different things. A signature misses a recompiled variant whose hash has changed, while a behaviour rule such as "one process changed the extension of hundreds of files in under a minute" fires regardless of which binary did it, at the cost of needing a threshold tuned so that ordinary software does not trip it.
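The following is an added example, not code from the original article or from any vendor's product: a hash-based signature detector and a mass-rename behaviour detector run side by side over constructed endpoint telemetry. The indicator feed entry, the host names, process names, file paths and timestamps are all made up for the illustration (the "known bad" hash is the SHA-256 of an arbitrary string, not a real sample), and the 10-files-in-30-seconds threshold is an assumption to be tuned per environment.

```python
"""Added example (not from the article): a signature detector and a behaviour
detector run side by side over constructed endpoint telemetry."""
import hashlib
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Signature side: an indicator feed keyed by process hash. The entry below is the
# SHA-256 of a made-up byte string standing in for a real feed entry; it does not
# correspond to any real malware sample.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"constructed-ransomware-sample").hexdigest(): "Ransom.Generic.Constructed",
}


def signature_hits(events):
    """(host, process, family) for every process start whose hash is on the feed."""
    return [
        (ev["host"], ev["process"], KNOWN_BAD_SHA256[ev["sha256"]])
        for ev in events
        if ev["type"] == "process_start" and ev.get("sha256") in KNOWN_BAD_SHA256
    ]


def _ext(path):
    return path.rsplit(".", 1)[-1].lower() if "." in path else ""


def behaviour_hits(events, window=timedelta(seconds=30), threshold=10):
    """Flag any (host, process) that changes the extension of at least `threshold`
    files inside a sliding `window`, whatever binary it is. One alert per pair,
    carrying the count at the moment it crossed the threshold."""
    recent = defaultdict(deque)       # (host, process) -> timestamps in window
    alerted, hits = set(), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] != "file_rename" or _ext(ev["old"]) == _ext(ev["new"]):
            continue                  # same extension: an ordinary save, ignore
        key = (ev["host"], ev["process"])
        q = recent[key]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            hits.append((ev["host"], ev["process"], len(q)))
    return hits


def build_events():
    """Constructed telemetry, not captured from any real incident."""
    t0 = datetime(2017, 5, 12, 10, 0, 0)
    events = [
        # hostA runs a binary whose hash is on the feed: the signature catches it.
        {"ts": t0, "type": "process_start", "host": "hostA", "process": "installer.exe",
         "sha256": hashlib.sha256(b"constructed-ransomware-sample").hexdigest()},
        # hostB runs an unknown binary (not on the feed) that then renames files fast.
        {"ts": t0, "type": "process_start", "host": "hostB", "process": "update.exe",
         "sha256": hashlib.sha256(b"recompiled-variant-nobody-has-seen").hexdigest()},
        # hostC is a user's editor renaming a few temp files over ten minutes.
        {"ts": t0, "type": "process_start", "host": "hostC", "process": "winword.exe",
         "sha256": hashlib.sha256(b"legit-office-binary").hexdigest()},
    ]
    for i in range(15):   # 15 extension changes in 14 seconds on hostB
        events.append({"ts": t0 + timedelta(seconds=i), "type": "file_rename",
                       "host": "hostB", "process": "update.exe",
                       "old": f"C:/Users/bob/Documents/report{i}.docx",
                       "new": f"C:/Users/bob/Documents/report{i}.docx.locked"})
    for i in range(3):    # 3 benign renames on hostC, minutes apart
        events.append({"ts": t0 + timedelta(minutes=3 * i), "type": "file_rename",
                       "host": "hostC", "process": "winword.exe",
                       "old": f"C:/Users/carol/~WRD{i}.tmp",
                       "new": f"C:/Users/carol/memo{i}.docx"})
    return events


if __name__ == "__main__":
    evs = build_events()
    print("signature:", signature_hits(evs))   # hostA only
    print("behaviour:", behaviour_hits(evs))   # hostB only
```

Run as written, the signature detector names only hostA and the behaviour detector only hostB: the unknown variant on hostB is invisible to the feed, and the known sample on hostA never gets far enough to rename anything. hostC's three slow renames stay under the threshold, which is the tuning trade-off the text refers to.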

#5. No More Outdated Legacy Systems

Cybersecurity preparedness varies from organization to organization. While large organizations give high priority to modern technology and strict security compliance, small organizations are often seen using pirated software and leaving legacy systems unpatched. Organizations, irrespective of their scale of operations, should establish a regular routine for patching operating systems, software, and firmware on all devices. Larger organizations with many deployed devices should consider adopting a centralized patch management system. Enterprises should also consider deploying IPS, AV, and web filtering technologies, and keep them updated. Most importantly, back up data regularly, verify the integrity of those backups, encrypt them, and test the restoration process to ensure it works. At least one copy must be offline or otherwise not writable from production hosts: ransomware routinely encrypts any backup share it can reach, and a backup that has never been test-restored is not a backup.
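As an added example (not code from the article or from any backup product) of the "verify the integrity and test the restoration" step above: the script below archives a directory, records per-file SHA-256 digests plus an HMAC over the archive, checks that tag before trusting the archive, and performs a test restore into a scratch directory that is compared file by file against the manifest. The sample data, the directory names and the HMAC key are constructed for the demonstration; in practice the key must be held somewhere the backup host cannot read, otherwise whoever overwrites the archive can recompute the tag. The example covers integrity and restore testing only; encryption of the archive, which the text also recommends, is left to the backup tool.

```python
"""Added example (not from the article): make a backup, record an integrity
manifest, verify it, and test-restore into a scratch directory."""
import hashlib
import hmac
import os
import tarfile
import tempfile
from pathlib import Path

CHUNK = 1 << 16


def _sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def _hmac_file(path, key):
    h = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src_dir, archive_path, key):
    """Archive every file under src_dir and return a manifest: per-file SHA-256
    digests plus an HMAC over the archive bytes. The key is an assumption of this
    example and belongs on the restore-test side, not on the host being backed up."""
    src_dir = Path(src_dir)
    files = {}
    with tarfile.open(str(archive_path), "w:gz") as tar:
        for p in sorted(src_dir.rglob("*")):
            if p.is_file():
                rel = p.relative_to(src_dir).as_posix()
                files[rel] = _sha256_file(p)
                tar.add(str(p), arcname=rel)
    return {"files": files, "archive_hmac": _hmac_file(archive_path, key)}


def verify_backup(archive_path, manifest, key):
    """True only if the archive bytes still match the manifest's HMAC."""
    return hmac.compare_digest(_hmac_file(archive_path, key), manifest["archive_hmac"])


def check_restore(archive_path, manifest):
    """Extract into a scratch directory and compare every file against the
    manifest. Returns the relative paths that are missing or differ; an empty
    list means the restore works end to end."""
    problems = []
    # tarfile.data_filter exists on Python 3.12+ (and recent 3.8-3.11 releases);
    # use it so a crafted archive cannot write outside the scratch directory.
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(str(archive_path), "r:gz") as tar:
            tar.extractall(scratch, **extract_kwargs)
        for rel, digest in manifest["files"].items():
            p = Path(scratch, rel)
            if not p.is_file() or _sha256_file(p) != digest:
                problems.append(rel)
    return problems


def run_demo():
    """Constructed end-to-end run on sample data created in a temp directory."""
    key = hashlib.sha256(b"constructed-demo-key").digest()   # demo only
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("date,amount\n2017-05-12,100\n")
        (src / "readme.txt").write_text("constructed sample data\n")
        archive = Path(work, "backup.tar.gz")
        manifest = make_backup(src, archive, key)
        good = verify_backup(archive, manifest, key)
        restore_problems = check_restore(archive, manifest)
        # Simulate ransomware encrypting the backup file in place on a reachable share.
        archive.write_bytes(os.urandom(archive.stat().st_size))
        tampered = verify_backup(archive, manifest, key)
    return {"good_verifies": good,
            "restore_problems": restore_problems,
            "tampered_verifies": tampered}


if __name__ == "__main__":
    print(run_demo())
```

The HMAC rather than a plain hash is deliberate: a checksum stored next to the archive proves nothing once an attacker can write to that location, whereas a keyed tag checked from a host the attacker does not control detects the overwrite. The restore check is the part most organizations skip, and it is the only step that proves the backup can actually bring data back.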

Even after taking all these measures, if an organization is infected by ransomware it should first identify the malware family (the ransom note, the extension added to encrypted files and the process name are usually enough for an analyst or AV vendor to name it), because for some families free decryption tools exist. It should then report the incident and collaborate with the police and cybersecurity experts, which helps both with apprehending the adversaries and with making file restoration tools available online.