Over the years, South Africans have become accustomed to learning about massive hacks and data breaches from international news sources – considering them something that only big corporations in digitally mature countries need to worry about. The recent panic surrounding the massive WannaCry malware attack has changed all of that, bringing into sharp focus not only the fact that South African organisations are as likely a set of targets as any, but also the fact that most are woefully unprepared for the next attack.
There’s no question that more large-scale attacks are on their way. The real question is, how will your business fare when the next malware attack comes knocking? Ian Russell, Aptronics Engagement Manager, weighs in on what businesses can do to avoid these attacks.
Employees are your first line of defence
WannaCry, like so many similar attacks, all began with a simple looking email. So small and innocent at first, but the email set into motion a chain of events that saw it grow to historic proportions in no time. Email, therefore, should be the first place an organisation looks when identifying digital security weaknesses. Unfortunately, email security is about more than settings and firewalls – even more critically, it’s about the people that use it.
Scammers are becoming more and more sophisticated by the day, and suspicious emails can no longer be relied upon to seem as fake as they are. Easily identified ‘Nigerian Prince Scams’, as they are commonly known, are giving way to false emails from banks and colleagues that are so convincing that even the most cautious would have a hard time telling the difference.
A vital step to preventing future attacks is educating your employees on an ongoing basis and to have a strictly enforced security policy in place for employees. Remember, preventing rapid malware spread isn’t necessary if you prevent infection in the first place.
Limiting the spread with micro-segmentation
The days when a perimeter firewall was sufficient are long gone. Cloud computing and mobility mean that your organisation’s weak spots aren’t anywhere in particular – they’re everywhere. Micro-segmentation can’t prevent a malware application from entering, but it can limit the scope of the damage once it does. Essentially, micro-segmentation technology creates a separate firewall for each individual workload. Traffic is then monitored and restricted between virtual servers. Should any irregular traffic between virtual servers be picked up, it is flagged and terminated.
Once it picks up that a machine is acting outside of its normal parameters, or trying to communicate with other machines that are outside its usual scope of operations, it springs into action, flagging the organisation’s antivirus software and perimeter firewall to immediately shut down the process and isolate the attack.
Follow the 3-2-1 rule
Ransomware can only get your organisation to pay up if it is able to access your data, while simultaneously locking you out. Having a good backup plan means that no attacker can separate you from your data, although they may be able to duplicate it for their own purposes (for example, to sell it to a competitor or to release it publicly). The 3-2-1 rule is well known to security and backup experts, and is a fool-proof way to ensure that your information is always available when you need it. It’s also simple to follow:
• Make three copies of anything you care about
• Save it in two different formats (for example, both in a data centre and in the cloud)
• And ensure you always have one off-site backup
You can’t always keep hackers out of your computer systems, so take steps to protect the data contained within those systems. Encrypting your data should also be a standard practice – ensuring that even if attackers do get their hands on it, its power as a bargaining chip is greatly diminished and you’re less likely to have to cough up to keep it safe. If your data is encrypted well, it is useless to those who would try to steal it. And if it’s meticulously backed-up, there’s no way to lock you out.
In 2014, South Africa was the most attacked country in Africa, amassing losses of R5 billion due to cybercrime. More recently, South Africa earned the dubious honour of being the global leader in economic crime, with 69% of companies affected.
Cyberattacks should not be addressed reactively, but anticipated and planned for at every organisational level. The best advice for digital safety, and the thing that all three of the above tips have in common, is simple: play it safe.
A healthy amount of paranoia is the best way to ensure your organisation’s guard is never down. If you practice day-to-day prevention – a little training here, a patch or update there – exercising cybersecurity best practices can become a holistic and routine part of your operations, and your business can continue to operate, safe in the knowledge that all bases are covered.