Connect with us

Featured

Five steps for companies to respond to cyber attacks

Published

on

A dreaded issues an IT team has to deal with is that of ransomeware. However, PETER ALEXANDER, CMO, Check Point, offers five tips on how to avoid it.

It’s the call that IT teams dread:  an employee is reporting that their PC screen is flashing red, with a message telling them that their files are encrypted and that they need to pay a ransom to get them unscrambled.  What should they do next?

The actions that the organisation takes over the next few minutes, and hours, will be critical in determining just how big – or small – an impact the cyberattack will have.   What’s more, a cyberattack does not only negatively impact the company’s physical IT systems:  it also causes stress and puts employees under pressure too.

A recent paper from the University of Haifa found that cyberattacks have a strong psychological impact on all staff, increasing their levels of anxiety, stress and panic – which can then lead to mistakes being made, and in turn further damage.

So how should organisations go about eliminating these human, panicky and emotional reactions to cyber incidents, and develop a more coordinated, conditioned response?

Training is never in vain

A key example is the rigorous training that airline pilots are given in dealing with unexpected events:  they are provided with extensive checklists and procedures that cover virtually every eventuality, from running out of fuel, to engine failure, to structural damage.  And those procedures are practiced again and again, both in simulators and in flight conditions, so that in a real-time emergency situation, their response becomes an automatic reflex action.  The result is that when an incident happens, the first thing the pilot and co-pilot will do is turn off the warning alarm, so that they can think clearly and start running through the appropriate checklist.

Enterprises need to undertake similar, rigorous planning to help them respond quickly and accurately to breaches or attacks.  They should prepare an incident response (IR) plan, and assemble an IR team that includes all relevant internal stakeholders – such as IT and security specialists, HR and PR teams, plus in some cases, specialist external resources.   Also, preparation alone isn’t enough:  the execution of the plan needs to be practiced, through realistic training drills.

To help organisations develop faster, more effective responses, here are five key steps that they should follow, whether in a training exercise or in the wake of a genuine incident.

  1. Recognize the incident is happening

The critical first step is for staff to take the attack seriously and move swiftly, but without panic.  Think of the ideal response to a fire alarm in an office building:  everyone should immediately stop what they are doing and make their way to the exits without pausing to gather their possessions or empty their desks.   A cyber incident should be granted the same instant attention and focus.  As soon as it is identified, all staff need to be alerted, smoothly and efficiently, and given clear, calm instructions as to what to do next, whether that is simply stepping away from their desks, or shutting down their PCs or devices.

  1. Gather the resources you need

This means mobilizing the security tools and technology, as well as the trained staff which make up your organization’s security infrastructure, and getting them to focus on mitigating the incident.  Clearly, not all staff will need to be involved in this stage, so it’s all about pulling together the right experience and expertise – fast.  Your IR plan should set out which personnel need to be involved, and if any external security resources are to be used.

Of course, assembling the combination of tools and talent isn’t cheap.  But the investment and time required to build effective defenses is dwarfed by the real-world costs of cyberattacks, in terms of remediation of immediate damage and subsequent fallout.  The NotPetya ransomware attack of summer 2017 was estimated to have cost global logistics firm FedEx $300M in lost revenue and clean-up costs, and pharmaceutical giant Merck & Co stated that NotPetya cost it around $135M.  So with companies on average experiencing two cyberattacks per week which breach their defenses, it’s clear that it’s far better to invest in preventing attacks, than to pay the far higher costs for a cure after the fact.

  1. Execute your IR plan

This is the active stage, in which you should work through your IR plan step by step to determine what the nature of the attack is, how it breached your defenses, how it can be isolated, and how the damage can be remediated.  For organisations that do not have an IR plan to hand, it may be best to call in external specialist help at this stage:  but for the future, here’s a checklist of what the plan should include, and important do’s and don’ts to follow when preparing a plan for your organisation.

  1. Communicate

Too often, organisations stop at stage three. But communication regarding the attack is vital – not only to all your internal stakeholders and employees, but also where necessary to external stakeholders such as partners, customers and investors. This is becoming a regulatory requirement.  All stakeholders, both inside and outside your organisation, need to understand what has happened and what the implications are for them – in language pitched at their level of technical understanding.

This is a specialist stage, which should be left in the hands of your communications team.  The recent revelations about Uber’s 2016 cyberbreach and the subsequent cover-up are a lesson in how not to communicate – and the consequences that might follow.

  1. Learn

Once again, this is a truly crucial element of IR that is too often neglected.  Every cyberattack should generate serious lessons for the organisation in question. After an attack active steps should be taken to repair the vulnerability, modify and improve the exploited process, retrain any staff that may have made a mistake, and put in place, or update the existing IR plan.  Inability to learn from and take steps to improve cyber protection after suffering an attack leaves the organisation vulnerable to a similar attack occurring again.

In conclusion

Effective incident response is about training and practice.  Developing an IR plan and keeping it updated involves work and investment – but during a cyberattack, that investment will pay dividends.  Whether you decide to handle your IR internally or draw on external expertise, it’s important to make a plan now, and test it against possible attack scenarios.  This will help to eliminate panic during an attack, limit the damage and fall-out from the incident and get your business ‘back to normal’ as fast as possible.

Featured

How we use phones to avoid human contact

A recent study by Kaspersky Lab has found that 75% of people pick up their connected device to avoid conversing with another human being.

Published

on

Connected devices are becoming essential to keeping people in contact with each other, but for many they are also a much-needed comfort blanket in a variety of social situations when they do not want to interact with others. A recent survey from Kaspersky Lab has confirmed this trend in behaviour after three-quarters of people (75%) admitted they use a device to pretend to be busy when they don’t want to talk to someone else, showing the importance of keeping connected devices protected under all circumstances. 

Imagine you’ve arrived at a bar and you’re waiting for your date. The bar is busy, and people are chatting all around you. What do you do now? Strike up a conversation with someone you don’t know? Grab your phone from your pocket or handbag until your date arrives to keep yourself busy? Why talk to humans or even make eye-contact with someone else when you can stare at your connected device instead?

The truth is, our use of devices is making it much easier to avoid small talk or even be polite to those around us, and new Kaspersky Lab research has found that 72% of people use one when they do not know what to do in a social situation. They are also the ‘go-to’ distraction for people even when they aren’t trying to look busy or avoid someone’s eye. 46% of people admit to using a device just to kill time every day and 44% use it as a daily distraction.

In addition to just being a distraction, devices are also a lifeline to those who would rather not talk directly to another person in day-to-day situations, to complete essential tasks. In fact, nearly a third (31%) of people would prefer to carry out tasks such as ordering a taxi or finding directions to where they need to go via a website and an app, because they find it an easier experience than speaking with another person.

Whether they are helping us avoid direct contact or filling a void in our daily lives, our constant reliance on devices has become a cause for panic when they become unusable. A third (34%) of people worry that they will not be able to entertain themselves if they cannot access a connected device. 12% are even concerned that they won’t be able to pretend to be busy if their device is out of action.

Dmitry Aleshin, VP for Product Marketing, Kaspersky Lab said, “The reliance on connected devices is impacting us in more ways than we could have ever expected. There is no doubt that being connected gives us the freedom to make modern life easier, but devices are also vital to help people get through different and difficult social situations. No matter what your ‘connection crutch’ is, it is essential to make sure your device is online and available when you need it most.”

To ensure your device lifeline is always there and in top health – no matter what the reason or situation – Kaspersky Security Cloud keeps your connection safe and secure:

·         I want to use my device while waiting for a friend – is it secure to access the bar’s Wi-Fi?

With Kaspersky Security Cloud, devices are protected against network threats, even if the user needs to use insecure public Wi-Fi hotspots. This is done through transferring data via an encrypted channel to ensure personal data safety, so users’ devices are protected on any connection.

·         Oh no! I’m bored but my phone’s battery is getting low – what am I going to do?

Users can track their battery level thanks to a countdown of how many minutes are left until their device shuts down in the Kaspersky Security Cloud interface. There is also a wide-range of portable power supplies available to keep device batteries charged while on-the-go.

·         I’ve lost my phone! How will I keep myself entertained now?

Should the unthinkable happen and you lose or have your phone stolen, Kaspersky Security Cloud can track and protect your device from data breaches, for complete peace of mind. Remote lock and locate features ensure your device remains secure until you are reunited.

 

Continue Reading

Featured

Five key biometric facts

Due to their uniqueness, fingerprints are being used more and more to quickly identify and ensure the security of customers. CLAUDE LANGLEY, Regional Sales Manager, for Africa at HID Global Biometrics, outlines five facts about the technology.

Published

on

How many times in a day are you expected to identify yourself? From when you arrive at work you are required to sign in, visiting your bank, receiving healthcare services… The list is endless. When a system knows who you are, you are able to do any number common, everyday activities. Your identity is unique and precious. It is also easily stolen and the target of many hackers across the globe. Technology is constantly evolving alongside the criminal element, always looking for ways to protect data and identity. One such solution happens to be biometrics and it is rapidly gaining traction in our increasingly complex modern world.

Reliable, secure and fundamentally YOU, unique biometric traits such as fingerprints are being used by banks, enterprises and consumers to verify identity. Biometric solutions offer significant identity protection because they use unique biological details to ensure an account is only accessed by the account holder, a door only opened by the owner. Here are five things that are little known about this technology…

  • The uncut identity. Your fingerprint is unique to you. Nobody can use a copy of it to impersonate you. Good technology is capable of scanning down into the layers of the fingertip to differentiate unique elements of a person’s fingerprint, this data is then encrypted and used as a key to unlocking whichever physical or virtual door that the biometric system protects.
  • The living proof. No, there is nothing to the stories of fingerprints being used without their owner’s knowledge or permission. Biometric solutions can use specific variables to determine if the finger used to access the system is that of a present, living person.  A copy or a fake cannot be used to access a cutting-edge biometric solution.
  • Easy and convenient. Queues and documents and paperwork may well be a thing of the past should biometrics take a firmer grip of government and banking systems. The process of registering is easy, and access to identity documents and records is yours alone.
  • Security blanket. A thousand passwords and a hundred post-it notes stuck on walls and drawers.  An excel file with a list of sites and applications and their corresponding passwords, all a thing of the past.  Nobody needs to remember their password with biometrics, they only need to show up.
  • Anywhere is cool. Schools, airports, networks, offices, homes, toilets, banks, libraries, governments, border controls, immigration services, call centres, hospitals and even clubs and pubs – knowing “who” matters and biometrics can quickly and conveniently confirm your identity where needed.

Continue Reading

Trending

Copyright © 2018 World Wide Worx