*** ----> Guard against cyber-attacks | THE DAILY TRIBUNE | KINGDOM OF BAHRAIN

Guard against cyber-attacks

In today’s highly digital era, cyber-attacks have become an imminent major threat to not only organisations and institutes, but society as well. With the power of technology, these cyber-attacks are unleashed on a large scale with a global reach to millions of devices in relatively no time. 

We have recently witnessed the unfortunate impact of WannaCry attack back in May this year, which is a ransomware virus that holds computers hostages until a ransom is paid. This attack alone affected over 300,000 computers worldwide in almost 3 days alone. Only after the WannaCry calamity, we realise that it is not the end with many attacks propagating in WannaCry’s footsteps, and the most notable one today is Petya ransomware. 

Lately some of the global organisations (mainly in the European region) have reported new ransomware-based cyber-attack, named Petya. The attack is similar to the previous WannaCry campaign and is believed to use an updated version of the EternalBlue exploit (stolen earlier from US NSA). Based on the available information, it is understood that the attack focuses on the phished emails to start the initial infection (either as an attachment or a website link), which then spreads into the network using Microsoft SMB v1 (a publicly known vulnerable protocol still used in legacy applications).

With the potential impact and threat these attacks hold against organisations, it has become mandatory to build and maintain effective information security controls. It must be emphasised that these attacks generally exploit any of the three pillars of an organisation, which are people, processes and technology. These pillars must be taken into consideration when building any control to safeguard an organisation’s assets against similar attacks, while failure to do so will increase the organisation’s weak links. 

When it comes to people, similar to most of the cyber based attacks, users form the weakest link. A click on the infected content will prove all other controls as ineffective. Therefore, users should be on the fore-front in securing against these attacks. A culture of information security awareness should be implemented in organisations where the users are informed about these attacks and how they can secure the organisation by not falling prey to these attacks.

As for processes, which are key to run the organisations’ operations, organisations need to improve their legacy processes to ensure that they are still relevant in securing against these latest attacks. The processes related to strict and timely patch management on systems and devices, monitoring of the suspicious inward and outward traffic, periodic backup of data, and identification/treatment of risks on technological assets are critical to have to secure the organizations against these attacks and limiting the damage in case of a breach.

And last but not least, when it comes to technology, email protection solutions should be fine-tuned to ensure that the malicious emails are blocked for the end-users. Advanced Intrusion Detection and Prevention systems should be implemented to restrict the flow of suspicious traffic in the network. Further, it should be ensured that the antivirus (anti malware) protection solution is always up-to-date and working effectively. Sandboxing and other Advanced Persistent Threat (APT) protections can also be helpful in identifying and securing against these threats.

Organisations that manage to find the right balance between these three pillars in all of their controls are expected to have a more resilient and robust guard against similar cyber-attacks.