Strategies to Mitigate Targeted Cyber Intrusions

WannaCry, Bad Rabbit and NotPetya… Sounds like things you may hear on the playground, but there's no playing around if you are talking about any of these.
 
The effects can be devastating to your business.

As one article I read put it, a cryptovirus can put your business "between a backup and a hard place".
(Our next blog will be about the importance of a rock-solid backup process.) 
 
A cryptovirus is software that a hacker installs on a system after gaining access, usually through a link emailed to a user.

The software encrypts data on the victim's server and could also potentially attack any backups connected to the system. Then the hacker offers the victim a decryption key for a fee.
 
This could potentially halt your business for hours if not days.
 
A recent blog entry from Hornet Security, looking ahead to trends in 2018, has this to predict:

“At least one thing can already be said: In 2018, new and more complex methods of attack will set new standards again. The cryptojacking attacks, which are already growing rapidly in numbers, could, for example, be influential for the coming year. Cryptojacking is an attack method in which cybercriminals hijack foreign computers in order to dig for cryptocurrencies, mostly bitcoins.”
 
“According to estimates, 32% of the computers in the world are infected by malware. The losses caused by malware have been estimated at several billion dollars annually. In 2015 alone, users whose computers were infected with a cryptovirus paid out nearly $325 million in ransom. Public Safety Canada expects that the current world market for cybersecurity products and services will increase to more than $170 billion by 2020 and that the job market for cybersecurity professionals will grow by 6 million over the next four years. About 70% of Canadian companies have been victims of cyberattacks at a cost of about $15,000 per incident.”
 
These are some serious numbers. My next question is, how do we protect ourselves?
 
I went to the Canadian Cyber Incident Response Centre (CCIRC) website and found some answers:
 
Threats and Incidents

Critical infrastructure organizations, businesses and provincial/territorial/municipal governments that have concerns or information about cybersecurity threats or incidents should contact the CCIRC as soon as possible.
To stay updated:

The CCIRC issues alerts and advisories to their partners on potential, imminent or actual cyber threats, vulnerabilities or incidents affecting Canada's critical infrastructure.

Top 4 Strategies to Mitigate Targeted Cyber Intrusions

The Canadian Cyber Incident Response Centre (CCIRC) recommends that network administrators implement the following four mitigation strategies, which can prevent as much as 85% of targeted cyber attacks:
  1. Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run while blocking all others, including malicious software.
  2. Patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office. Vulnerable applications and operating systems are the targets of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
  3. Patch operating system vulnerabilities.
  4. Restrict administrative privileges to operating systems and applications based on user duties. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.

Top 4 Strategies

This list of mitigation strategies has broad international consensus and is considered fundamental to network cybersecurity.
These strategies have been endorsed by the Government of Canada, including CCIRC and the Communications Security Establishment Canada.
The “Top 4” also underpin CCIRC's Mitigation Guidelines for Advanced Persistent Threats.
 
Sources for the information contained in this blog are below:
https://www.getcybersafe.gc.ca/cnt/rsrcs/pblctns/smll-bsnss-gd/index-en.aspx
https://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/tp-strtgs-en.aspx
https://www.dailymercury.com.au/news/held-to-ransom-engineering-business-hit-by-hacker/3316568/
https://www.hornetsecurity.com/en/tag/cyber-crime
http://theconversation.com/cryptolocker-has-you-between-a-back-up-and-a-hard-place-20687
 
