The latest report from the National Cyber Security Centre (NCSC) and National Crime Agency (NCA) highlights the growing number of cyber-attacks against UK businesses over the last 18 months.
Among other things, the report found that 2017 was the year of ransomware attacks, massive data breaches, and supply chain threats.
The WannaCry ransomware attack that hit organizations across the globe last May spread quickly due to its use of a self-replicating worm. Over 300,000 devices were infected across 150 countries, with services knocked off worldwide, including the NHS. This attack proves that cyber-attacks designed to self-replicate and spread can have a detrimental impact on business operations and result in serious costs, from the remediation efforts, repairing reputational damage, and regaining public trust after the fallout.
The NCSC recommends that you do the following to protect against ransomware attacks:
- Deploy critical security patches as soon as possible
- Deploy an always-on antivirus solution that scans new files
- Conduct regular vulnerability scans and action critical results
- Implement application whitelisting technologies to prevent malware running on hosts
- Implement a policy of least privilege for all devices and services
- Establish configuration control and management
The report also found that the sheer volume of data breaches continued to rise throughout 2017. Many of these breaches were executed with very simple techniques like exploiting unpatched vulnerabilities and conducting spear phishing campaigns. Many of the large-scale breaches were found to have been linked to state actors- sometimes described as advanced persistent threats (APTs). Organizations will soon face a harsh reality with the enforcement of the General Data Protection Regulation (GDPR) in May 2018 if they fail to prevent data breaches from happening within their organization.
Yahoo admitted in October 2017 that all 3 billion of its customers had been impacted by the 2013 data breach. Equifax disclosed in September that the information belonging the 145 million US and 700,000 UK Equifax customers was compromised by attackers after a security vulnerability was ignored by the company for over 2 months. Verizon’s data belonging to 14 million customers stored in the cloud, controlled by a third party provider, was exposed to anyone who could guess the web address. But the worst has to be Uber. Uber was forced to admit that it deliberately covered up a year old data breach by paying hackers nearly $100,000 to destroy the data belonging to the 57 million accounts they had stolen.
The NCSC recommends that you do the following to prevent your organization from suffering from a data breach:
Protect Endpoints:
- Use up-to-date and supported operating systems and software
- Deploy critical security patches as soon as possible
- Implement application whitelisting technologies to prevent malware running on hosts
Protect the Network:
- Use firewalls and network segregation to protect services
- Deploy an always-on antivirus solution that scans new files
- Perform regular vulnerability assessments against both internal and external services to scan for any insecure configuration
Protect the Information:
- Implement a policy of ‘least privilege’ for all devices and services
- Use multi-factor authentication to protect sensitive information
- Ensure that all services are protected by strict authentication and authorization controls
- Use password managers to help prevent password reuse between systems
- Implement a practical monitoring and alerting service
New Net Technologies (NNT) is now part of Netwrix