Every day, new attack vectors and malware scripts are discovered that take advantage of previously unknown vulnerabilities. These so-called zero-day exploits, along with actions that take advantage of known issues (on unpatched systems) and social engineering, pose a formidable challenge for any IT organization. The cybersecurity industry has responded by creating solutions that can deal with known and unknown threats. From software programs that recognize known malware code, to solutions that can detect unknown threats by identifying behavioral patterns and “virtually” separating them from networks, the solutions for the prevention and detection of malware have grown increasingly sophisticated. Overall, a three-pronged approach is recommended to securing systems and networks from attacks and malware. Let’s now look at each of these.
Start With Prevention
By shifting your mindset from “if” to “when” a cyberattack happens, certain activities which may appear burdensome, tedious, and sometimes are even ignored, will become relevant and important. Take, for instance, routine processes such as updates and patching. Although they may seem repetitive and thus sometimes become burdensome, they are still mandatory for any IT organization.
For more articles on data security, download the CyberSecurity Sourcebook 2017
Start with periodic or scheduled port and vulnerability scans and remediate any weaknesses that are found immediately. Network segmentation can limit the exposure to successful attack, and application blocking can prevent malicious code from being able to be run. Improved management of user access by either ramping up password policies or perhaps replacing them with more secure user authentication can prevent unauthorized access. Security experts recommend that it is important that the teams learn from these regular activities by either reflecting individually or discussing as a team how best to introduce practices for specific parts of the environment. By making sure that routine activities have a feedback component, we can convert them into internal projects that deliver valuable learning for the organization.
Educating Users
One of the biggest vulnerabilities in an organization is a human being. Social engineering techniques such as pretexting, phishing and spear phishing, baiting, and others take advantage of cognitive biases that are inherent to human decision making to gain access to systems or introduce malware. Therefore, having a culture of security that makes people aware of these biases and techniques to counter them is critical. User training around security has to be one of the central projects of any IT organization. Hours can be spent designing and implementing a highly secure IT infrastructure, but it can be breached when a single user clicks on the wrong file. Training has to be augmented with clearly defined frameworks and protocols for access to systems and data and periodic testing of those frameworks and protocols.
Detection and Remediation
Quick detection of intrusions or malware in the data center is necesary to minimize the scope and cost of an attack. Detection systems are either signature-based, in which the system looks for known patterns of activity on the network or systems associated with an intrusion or malware, or anomaly based to detect unknown attacks. All anomaly-based systems build a model of what is considered normal and compare current behavior against the model to detect attacks.