Now that the impact of the WannaCry ransomware attack has been mitigated, and access to data and systems restored, it’s time to take stock of this event and identify what lessons we can learn. While this particular attack might be in the past, according to Destiny Bertucci, the Network Monitoring Head Geek™ at SolarWinds, ransomware is set to become one of the biggest threats to public sector organizations. “Government agencies shouldn’t assume they’re safe from ransomware because they were not hit by WannaCry,” she said.
According to Bertucci, U.S. federal government agencies had an innate advantage in the case of WannaCry. “Without a doubt, the changes that federal cybersecurity leaders put in place after the OPM breach via the Cybersecurity Sprint in the summer of 2015 have made agencies far more secure, not least of which is their adherence to Patch Tuesday,” she explained. By using MITRE’s Common Vulnerabilities and Exposures (CVE) list to identify vulnerabilities and following vendor-directed patching schedules, the federal government stayed out of the headlines.
However, with legacy systems and software still forming the backbone of many government agencies’ IT infrastructure, there are other actions federal CIOs and CSOs should be taking to stay ahead of cyberattackers and to build resilience into their systems should they become victims of an attack. Bertucci shared with us her five best practices to help manage the risk of ransomware and ultimately defeat it.
Here they are:
Step 1: Educate Users
People are both the number one threat vector and the number one defense against ransomware attacks. Since many attacks rely on social engineering, tricking users into opening malicious emails or clicking on infected links, ongoing user education has to be a priority. This includes informing end users about how to stay safe online, not just at work but also on their mobile devices and from their home offices.
Step 2: Patch, Patch, and Keep on Patching
Identifying vulnerabilities and fixing them quickly is the key to robust cybersecurity. Attacks like WannaCry seldom fall into the category of zero-day vulnerabilities, where there is no opportunity to patch. The vulnerability WannaCry exploited, for example, was identified in March along with a patch, yet it wasn’t until May that the attack crippled IT systems. Most organizations don’t have the resources to keep up with the constant patching cycle that’s currently required. For organizations that want to stay ahead of the game, adopting a Patch Tuesday mindset is key, as is investing wisely in a patch management solution. Strong patch management solutions allow updates to be tested in a sandbox environment to help ensure that nothing adversely impacts the infrastructure. They also enable patches to be pushed out in batches.
Step 3: Update Legacy IT
While it’s not always within an organization’s budget to upgrade to the latest and greatest software or operating system, the upgrade should be considered as the worthwhile investment it is. With federal agencies likely to receive an IT modernization windfall of approximately $250 million via the Modernizing Government Technology Act, upgrading from Windows XP® would be a good first investment.
Step 4: Monitor and Manage
A Security Information and Event Management (SIEM) tool is another wise investment in the fight against all cyberattacks, and ransomware in particular. SIEMs have two big advantages against ransomware. First, they provide a baseline snapshot of your operating environment. This is critical because without a baseline it is not possible to detect anomalies. Second, SIEMs provide broad-based visibility into areas such as file integrity and alert on changes, such as file encryption or movement, which are key indicators that malware has been introduced into a system. With proactive alerts, it’s possible to mitigate and remediate a nascent attack before it has the opportunity to do real damage.
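To make the baseline-then-alert idea concrete, here is an added example (not SolarWinds code and not part of the original article) of the file-integrity logic a SIEM or monitoring agent applies: take a snapshot of file hashes and byte entropy, compare a later snapshot against it, and raise an alert when files flip from ordinary content to high-entropy (encrypted-looking) content in bulk or reappear under a new path. The sample files, the 7.0 bits/byte entropy cut-off and the 25% mass-change ratio are constructed assumptions for illustration; `snapshot_dir` shows how the same check would be run against a real directory tree.

```python
"""Baseline-and-compare file integrity check (added example, not the article's code)."""
import hashlib
import math
import os
from collections import Counter

HIGH_ENTROPY = 7.0        # bits/byte; compressed or encrypted data sits close to 8.0 (assumed threshold)
MASS_CHANGE_RATIO = 0.25  # share of baseline files turning high-entropy that triggers an alert (assumed)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def fingerprint(data: bytes) -> dict:
    """What we keep per file in the baseline: content hash, size and entropy."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "entropy": round(shannon_entropy(data), 3),
    }


def snapshot_bytes(files: dict) -> dict:
    """Snapshot an in-memory {path: content} mapping (used for the constructed sample)."""
    return {path: fingerprint(content) for path, content in files.items()}


def snapshot_dir(root: str) -> dict:
    """Snapshot a real directory tree; paths are stored relative to root."""
    snap = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    snap[os.path.relpath(full, root)] = fingerprint(fh.read())
            except OSError:
                continue  # unreadable file: skip it rather than abort the whole scan
    return snap


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots and classify changes the way a file-integrity monitor would."""
    base_paths, cur_paths = set(baseline), set(current)
    findings = {"modified": [], "moved": [], "added": [], "deleted": [],
                "encrypted_suspects": [], "alerts": []}

    # Index the baseline by hash so a file that reappears elsewhere is a move, not add+delete.
    hash_to_path = {v["sha256"]: p for p, v in baseline.items()}

    for path in sorted(base_paths & cur_paths):
        old, new = baseline[path], current[path]
        if old["sha256"] != new["sha256"]:
            findings["modified"].append(path)
            # Ordinary content replaced in place by near-random bytes: encryption signature.
            if old["entropy"] < HIGH_ENTROPY <= new["entropy"]:
                findings["encrypted_suspects"].append(path)

    for path in sorted(cur_paths - base_paths):
        src = hash_to_path.get(current[path]["sha256"])
        if src is not None and src not in cur_paths:
            findings["moved"].append((src, path))
        else:
            findings["added"].append(path)
            if current[path]["entropy"] >= HIGH_ENTROPY:
                findings["encrypted_suspects"].append(path)

    moved_from = {src for src, _ in findings["moved"]}
    findings["deleted"] = sorted((base_paths - cur_paths) - moved_from)

    if baseline and len(findings["encrypted_suspects"]) / len(baseline) >= MASS_CHANGE_RATIO:
        findings["alerts"].append(
            f"{len(findings['encrypted_suspects'])} of {len(baseline)} baseline files became "
            f"high-entropy (>= {HIGH_ENTROPY} bits/byte): possible mass encryption")
    if findings["moved"]:
        findings["alerts"].append(f"{len(findings['moved'])} file(s) relocated since baseline")
    return findings


# Constructed sample: four baseline files, then two overwritten with uniform bytes
# (entropy exactly 8.0), one moved to another folder, one untouched.
TEXT = b"Quarterly budget figures, draft three.\n" * 50
ENCRYPTED_LIKE = bytes(range(256)) * 16

BASELINE_FILES = {
    "docs/budget.docx": TEXT,
    "docs/plan.xlsx": TEXT + b"plan",
    "docs/notes.txt": TEXT + b"notes",
    "bin/tool.exe": TEXT + b"exe",
}
CURRENT_FILES = {
    "docs/budget.docx": ENCRYPTED_LIKE,
    "docs/plan.xlsx": ENCRYPTED_LIKE + b"\x01",
    "archive/notes.txt": TEXT + b"notes",
    "bin/tool.exe": TEXT + b"exe",
}


def demo() -> dict:
    """Run the comparison on the constructed sample and return the findings."""
    return compare(snapshot_bytes(BASELINE_FILES), snapshot_bytes(CURRENT_FILES))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design points carry over to a real deployment: the baseline must be taken while the environment is known-good (a baseline captured mid-incident just normalizes the damage), and the alert keys on the ratio of files changing rather than on any single file, because a lone high-entropy write is routine (backups, archives) while dozens within one scan interval are not.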
Step 5: Patch, Patch, and Keep on Patching
Really; it’s that important.