Securing the network, in a hyper-connected world
Last May, ransomware in the form of WannaCry reached a whole new level when it made its presence felt worldwide, across a number of organisations in different sectors.
Many security experts have come forward with their views and opinions about WannaCry, but only a few have been able to give a holistic view of the whole attack, i.e. what infrastructures were involved and what components to consider when protecting against ransomware.
Barracuda Networks’ Senior Director of Product Management, Anshuman Singh, outlined the importance of endpoint security and network security, pointing out the advantages of both and how they complement each other.
Barracuda Networks is a company that specialises in content security, networking and application delivery as well as data protection and recovery.
Anshuman, a veteran with nearly 20 years of experience working on data security and protection in customer environments, has a unique view of what’s required to protect content and data.
He said, “More important is to understand the threat vectors that impact an organisation, and then secure against that.
“All vectors such as email, network access, file uploads etc. need to be secured.”
The director added that network security, like Barracuda’s, is important for securing the entry points through which malware can enter and through which exfiltration of data happens.
Breaking down the WannaCry malware
Many experts view WannaCry as just a taste of what future cyberattacks will look like. Rightly so. The scale on which it all happened simply demonstrates the potential catastrophe that single-minded resolve on the part of cyberattackers can achieve.
“In all aspects of human interaction there are people who will adopt illegal ways of becoming rich fast. This is one more of those ways,” said Anshuman. “Ransomware is a big business and it gives good returns to people involved in the proliferation of the malware.
“Currently, since it’s easy to spread malware and earn money, this trend will continue to grow till organisations and individual users become aware of it and learn how to protect themselves.”
He added that two aspects of ransomware became very obvious because of the WannaCry attack.
“The malware has to land inside the organisation and it has to be ‘exploded’… this is the step where a person was involved.
“Ransomware can then move within the organisation and hunt down other susceptible systems – this part is automated.”
Clearly, there are many attack surfaces and attack vectors that malware and attackers are able to exploit to infiltrate networks.
Where does one even begin to secure their networks?
All it took was a single concerted effort in the form of the WannaCry malware, and it exploded and spread on a scale never seen before… beyond a single organisation, beyond a single industry and to a number of countries around the world.
Moving forward… what’s on the horizon for our networks?
As industries expand and demand more productivity, agility, responsiveness and automation, networks have had to evolve in a way that increases attack surfaces many times over and makes it possible for ransomware to spread almost undetected.
According to Dark Reading, the Internet of Things (IoT) is home to some powerful and significant systems. Its article pointed out that things like public school security, hospital medical devices, building HVAC systems, city street lights and more can be found on the Internet of Things. What happens when a criminal holds them for ransom?
Barracuda Networks’ experts rightly point out that there are multiple layers of challenges to IoT security. Namely, these are:
- Multiple vendors and device types bring multiple management points and various security baselines
- The Internet of Things remains unchecked, uncontrolled and ungoverned in many companies
- Criminals often have more resources than their ransomed organisations or what these ransomed organisations are willing to invest in
- Security for IoT devices is often thought of after deployment
- Many device passwords are never changed, and some are hard-coded and cannot be changed
- There is no simple way to apply patches to all devices
Barracuda Networks experts like Anshuman opine that the first vital step to take is to establish controls on the company network.
For example, when it comes to adding a device to the network, the responsibility for doing this securely falls upon the one who is capable of evaluating the security of the devices as well as how those devices will impact the network.
Other best practices include the following:
- Creating and following minimum security standards, like disabling default credentials, creating a new user for the device admin, closing unused ports and disabling unused services.
- Taking advantage of the security features on devices, for example utilising the two-factor authentication that Nest has added as an option to its products.
- Organise the management of these devices as much as possible – inventory the network, document approved devices, remove the others. Set up management of devices on a single pane of glass. Schedule update checks and install updates as well as document and keep copies of any custom device configurations.
- Secure these devices with a perimeter firewall, just like you would any endpoint on your network. Look into additional network security. Barracuda offers a family of NextGen Firewalls that can protect a single office or a central office with multiple branch offices and IoT endpoints.
The Barracuda NextGen Firewalls F-Series is a family of hardware, virtual, and cloud-based appliances designed to secure intelligent perimeters and dispersed network infrastructures. The F-Series cloud-ready firewalls offer a suite of powerful and robust features, including the capability to secure Machine-2-Machine connectivity and the Internet of Things.
- Last but not least, maintain reliable backups! This is key to recovering data from a ransomware attack and/or retaining configurations of all the devices that are on your network!
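The minimum standards and inventory practices in the list above can be checked mechanically against a device inventory. The following is an added example, not Barracuda's tooling or anything from the article; the device fields, the approved-device list, the 30-day update window and the sample inventory are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

APPROVED = {"00:11:22:33:44:01", "00:11:22:33:44:02"}  # constructed approved-device list
MAX_UPDATE_AGE_DAYS = 30                               # assumed update-check schedule

@dataclass
class Device:
    name: str
    mac: str
    default_credentials: bool   # vendor login still enabled
    dedicated_admin: bool       # a new admin user was created
    open_ports: frozenset       # ports found listening
    needed_ports: frozenset     # ports the device's function requires
    two_factor: bool
    last_update_check: date
    config_backed_up: bool

def audit(dev, today):
    """Return the list of baseline violations for one device."""
    if dev.mac not in APPROVED:
        return ["not on approved list: remove from network"]
    findings = []
    if dev.default_credentials:
        findings.append("default credentials still enabled")
    if not dev.dedicated_admin:
        findings.append("no dedicated admin user")
    unused = sorted(dev.open_ports - dev.needed_ports)
    if unused:
        findings.append(f"unused ports open: {unused}")
    if not dev.two_factor:
        findings.append("two-factor authentication not enabled")
    if (today - dev.last_update_check).days > MAX_UPDATE_AGE_DAYS:
        findings.append("update check overdue")
    if not dev.config_backed_up:
        findings.append("no backup of device configuration")
    return findings

# Constructed sample inventory
INVENTORY = [
    Device("lobby-thermostat", "00:11:22:33:44:01", False, True, frozenset({443}), frozenset({443}), True, date(2017, 6, 20), True),
    Device("hvac-controller", "00:11:22:33:44:02", True, False, frozenset({23, 80, 443}), frozenset({443}), False, date(2017, 3, 1), False),
    Device("unknown-camera", "00:11:22:33:44:99", True, False, frozenset({80}), frozenset(), False, date(2017, 1, 1), False),
]

def audit_all(today=date(2017, 7, 1)):
    return {d.name: audit(d, today) for d in INVENTORY}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "OK" if not findings else findings)
```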
They are taking our money, and they are doing it in broad daylight now.
And there are no signs of this ever stopping or slowing down.
Anshuman concluded, “It is up to the individual or the organisation to evaluate the cost of maintaining status quo and letting this happen versus the cost of putting security measures in place to prevent themselves from being held for a ransom.”