Security Roundup: Baltimore Cyberattack, GDPR, Guardicore, Siemplify
… a few disciplines:
- Keeping operating systems and applications updated with the latest software releases, including patches that close specific known security vulnerabilities.
- Being diligent about backing up your systems so that you can restore from a recent backup copy and not lose much data if your primary data stores get locked up or corrupted.
- Training your employees to be wary of common infection methods, like phishing emails that look trustworthy but actually contain links or attachments that download malware if clicked on.
There have already been 22 reported cyberattacks on the public sector in 2019, and it’s only a matter of time before cities realize they can’t afford these infections and dedicate the resources needed to improve their security posture, said Terry Ray, senior vice president and fellow at Imperva.
“MSSPs and cybersecurity providers can help by making advanced data security solutions available, accessible and easy to implement for city governments,” he said. “The best way for cities to prevent an attack is to immediately detect ransomware data access behaviors before the ransomware spreads across the network and encrypts critical data stores. Once detected, you can quarantine impacted users, devices and systems. Having a strategy that takes into account what happens when a cyberattack occurs, whether it’s ransomware or another method, is essential to resiliency.”
While rapid detection is critical, a close second is incident response, specifically restoration of data, Ray said. Most ransomware tools target files and databases, but extend the attack to include the encryption of backups as well, he said.
“Backups should be made and tested frequently enough to make restoring from backup an acceptable organizational option as an alternative to paying a ransom,” Slaby said. “Too few organizations make effective backups often and broad enough to effectively restore data to a point that a business can quickly return to normal activity post-attack. And then there are the sad few, who have their data and backups encrypted in the attack. You should have frequent reliable backups stored in a location gapped from the core network, possibly even off-site.”
The threat environment that led to the Baltimore attack presents “enormous opportunities” not just to MSSPs and traditional cybersecurity providers, but to classic VARs, too, Slaby said. If you’ve been looking to bridge from selling just perpetual-license, premise-based software into offering cloud-based services, helping customers fend off these kinds of attacks is a great way to expand your business, he said.
“I would be looking at offering a combination of behavioral anti-malware services and data protection to defend customers against urgent malware threats like ransomware and cryptojacking, and maybe buttress that with wraparound services like patch management, vulnerability management, traditional antivirus (which is still useful against known threats), and security awareness training,” he said.
GDPR One Year Later
A year after the deadline for General Data Protection Regulation (GDPR) compliance, there are conflicting sentiments from the global workforce about whether the law has been effective, according to a new survey released by Snow Software.
The survey, which polled 3,000 professionals in the United States, Europe and Asia Pacific, found that just 39% of respondents feel their personal data is better protected since GDPR enforcement began. Another 34% said data protection seemed the same, while 20% are unsure and 6% actually believe their personal data is less protected than it was prior to enforcement.
This mixed response around the impact of GDPR likely reflects …