Ransomware is Still a Threat and Gets Lots of Press

Arabian Reseller speaks to Morey Haber, the Chief Technology Officer at BeyondTrust, about the evolution of the regional threat landscape and what CXOs need to do to stay ahead in protecting their business

What according to you are the new potential threats and emerging risks in this part of the region?
There has been an interesting trend if you follow the daily barrage of security breaches, malware, and other related incidents. Ransomware is still a threat and getting plenty of press, but there has been a recent uptick by threat actors using the same delivery mechanisms to deploy crypto-mining malware and it is region agnostic.

Once installed on a target, it remains hidden, mining for electronic currency instead of blatantly asking for a ransom and causing a disruption. Why? Simply put, if the malware can remain present and undetected, the threat actors can leverage your resources over a longer period of time and potentially make even more money at a lower risk than taking your system and data hostage.

Since they are “just” stealing your computing power you may not even know, and in the end, they have compromised resources potentially all over the world to create crypto-mining farms. This is an interesting new trend for 2018, and with the public hype over electronic currency, it is something that can easily create revenue for rogue nations or other sponsored threat actors.

Of course, all these methods leverage vulnerabilities, exploits, social engineering, and other drive-by delivery methods already associated with other malware and threats. In order to stay protected, we need to keep our basic cybersecurity hygiene in check:

  • Ensure anti-virus solutions are installed and signatures are up to date to detect and prevent this malware
  • Remove the end of life operating systems from your environment since they are no longer receiving security patches
  • • Perform regular vulnerability assessment scans to identify at-risk devices and install security patches in a timely manner
  • • Remove administrator rights from all workstations to prevent drive-by malware
  • • Educate users on the risks of social engineering and how to detect a phishing or spear phishing attack
  • • Leverage application control to mitigate illegal execution of applications within their environments
  • If we can keep these six items in pristine order, from policy to operations within our organizations, the chances of becoming a host of crypto-mining malware can be minimized.

Security is a responsibility that needs to be shared among employees. Do you believe in this statement? Why?
Cyber Security is the responsibility of all employees and executives within an organization. There is no technology alone that can stop all cyber threats. None. This implies that in order to stop a threat actor, it needs to be a blended model for a successful defense.

This includes:

  • Employee and leadership education
  • Integrated security solutions
  • Policies and procedures governing workflows and implementations
  • Service level agreements for monitoring, measuring, and mitigating risks
  • All of these involve technology and employees and require the responsibility be shared among everyone, all the time, in order to be successful.

The convergence of mobility and cloud has brought forth new areas of compromise. What do CXOs need to know in order to stay ahead of such security threats?
The emergence of new technology and the convergence of mobility, cloud, and wireless represents new risks to consumers and organizations. CXOs need to understand that the technology line for these services is blurred but there is a distinct difference between commercial and consumer-grade solutions.

Some solutions should never be allowed in a corporate environment simply because they do not implement security best practices for the cloud, mobility, or even wireless technology. For example, some personal assistants or even wireless devices do not have role-based access or allow for the change of default passwords.

This introduces an unprecedented risk to an organization. The same is true for third-party applications that claim to back up your phone to the cloud, remove duplicate contact information or even multiplayer games that access your contact information. These are a consumer grade and could leak, steal, or compromise information that would be a high risk to the business.

Therefore, as these technologies converge, CXO’s need to be aware of employee habits, applications, and use cases that could jeopardize resources sharing consumer and business-based applications and the risks the overlap represents.

What challenges do companies face when it comes to exposure to security threats?
Organizations face a wide variety of challenges when it comes to exposure to security threats. The most common are listed below:

  • No remediation or mitigation path for the end of life devices
  • Recommended remediation breaks workflows or applications and cannot be safely applied
  • No remediation or mitigation available from the vendor or for a custom application
  • Ownership of the resource that requires mitigation is unwilling or unable to fix the security risk
  • The volume or complexity of security risks is unmanageable by the organization
  • Lack of policies and procedures to mitigate security threats and measure success
  • The cost to mitigate a security threat is not within budget or financially feasible

How can CXOs make sure they have plugged security holes to minimise security risks and implications?
CXOs can ensure that they have plugged security holes to minimize security risks and the potential breach implications of implementing a Crawl, Walk, Run, Sprint strategy. You don’t need full coverage with complete systems integration from day one. A successful program can always be expanded.

Start (crawl) by identifying the most critical assets and services at risk. Demonstrate value and expand (walk) the program in accordance with the overall plan. Starting with a smaller scope introduces other stakeholders to the vulnerability and remediation processes without overwhelming them with 1000s (run) to “to dos”.

It also provides a defined timeframe to iron out deficiencies, uncover additional resource or technical constraints, prove value to secure additional budget; and enables asset owners to address critical items without being overwhelmed. Finally, you sprint when all the workflows, technologies, and processes are working like a well-oiled machine.

Insider threat is a major concern in today’s business environment. How can this be mitigated?
All organizations should also regularly perform these tasks to keep their systems protected:

  • Ensure anti-virus or endpoint protection solutions are installed, operating, and stay up to date
  • Allow Windows and third-party applications to auto update or deploy a patch management solution to deploy relevant security patches in a timely manner
  • Utilise a vulnerability assessment or management solution to determine where risks exist in the environment and correct them in a timely manner
  • Implement an application control solution to allow only authorized applications to execute with the proper privileges to mitigate the risk of rogue, surveillance, or data collection utilities
  • Where possible, segment users from systems and resources to reduce “line of sight” risks

While these seem very basic, the reality is that most businesses do not do a good job at even the most basic security. If they do, the risk of Insider Threats can be minimized by limiting administrative access and keeping information technology resources up to date with the latest defenses and security patches.

Who are the stakeholders the CIO should partner with to make sure insider threats can be minimised?
CIOs should partner with the following departments in order to minimize insider threats:

  • Human Resources – to develop a policy and documented discipline if Insider Threat is detected. This also includes end-user education
  • Auditors – to identify patterns of events that may be Indicators of Compromise for an Insider attack
  • Security Teams – to identify Insider Threats and use security solutions adapted for user behavior analysis and threat analytics
Show More

Chris Fernando

Chris N. Fernando is an experienced media professional with over two decades of journalistic experience. He is the Editor of Arabian Reseller magazine, the authoritative guide to the regional IT industry. Follow him on Twitter (@chris508) and Instagram (@chris2508).

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button