printer friendly version

Facing the cybersecurity challenge

We all know there is no shortage of cyber problems in the world today. Whether you’re a government, a hospital, a global corporation or a small business, the constant threat of malware, ransomware, phishing and all the other types of attacks people have invented leaves many wondering what to do to protect themselves and their businesses.

There are many products and solutions from just as many companies out there, but what exactly do they offer and how will these solutions protect you and best serve to strengthen your cybersecurity posture? Hi-Tech Security Solutions asked a few companies specialising in cyber protection to give us some advice as to what they offer and what businesses in the trenches should be doing to ensure they don’t end up getting into cyber-trouble.

Our questions covered what solutions they have for detecting malware and what proactive and preventative solutions are on offer; what the company offers in terms of remedial advice once an attack has happened; and what processes and best practices companies should have in place to protect themselves. Below are various answers we received, focusing on different aspects of the cybersecurity challenge.

Russell Young, Trend Micro sub-Saharan Africa

Trend Micro offers solutions to detect both known and unknown malware. These solutions are available for the endpoint, mobile, data centre (on-premises and cloud), gateway (on-premises and cloud) and network layers.

In terms of proactive and preventative solutions, network inspection gives you 360-degree monitoring of network traffic and scans more than 100 protocols to detect suspicious activity, command and control (C&C) communications, and lateral movement of inbound, outbound, and internal network communications. This means you get insights into the threats coming your way and a chance to thwart them. When a suspicious item is detected, it is automatically submitted to a customised virtual sandbox, optimised to help you determine if suspicious content is, in fact, malicious.

If an attack is detected by Trend Micro’s solutions, targeted intelligence covering malicious files, IP addresses, and C&C communications is shared across products and environments (end-users, servers, cloud, and networks) for real-time protection. The next time these objects are encountered they can be blocked automatically – the benefit of Connected Threat Defence.

In terms of standard processes: Make sure your software is patched up-to-date as this will reduce the chance of an attacker exploiting a vulnerable system and gaining access to it. At the end of the day, attackers see users as an easy way to compromise a system, therefore one of the best ways to protect yourself and your organisation is by educating yourself and your employees.

The Trend Micro Education portal provides partners and customers with the opportunity to build their skill and strengthen their knowledge. Trend Micro also has security blogs and intelligence blogs which are available for public consumption.

More information at www.trendmicro.ae.

Pieter Nel, Sophos

There’s no silver bullet to malware, ransomware or the targeted attack. You need a range of security technologies to protect your business from known and unknown threats. That’s why Sophos recommends a synchronised approach to dealing with these threats using both network and endpoint defences.

Complex, coordinated malware attacks are now the norm – a single threat will often touch your web browser, firewall, servers, endpoints and data. Sophos’s Synchronised Security is a security system where integrated products share security information and respond automatically to attacks. The result: faster, better protection against advanced threats.

Some recommended best practices to protect yourself include:

• Backup files regularly and keep a recent backup copy off-site. Encrypt the backup for an additional layer of protection.

• Do not enable macros to open attachments that are sent via email, as this is how infections are spread.

• Be cautious about unsolicited attachments and refrain from opening them.

• Patch early and patch often. Usually malware that is not spread via document macros, often rely on security bugs in popular applications such as Office and Flash.

• Train and retrain employees to avoid booby-trapped documents and malicious emails.

• Invest in a robust security solution that provides effective defence against emerging threats and visibility into user activity and use of the network.

Sophos regularly conducts workshops, seminars and webinars to spread security awareness amongst end-users. A solid security awareness programme is an integral part of any defence-in-depth strategy. Sophos Phish Threat educates and tests end-users through automated attack simulations, quality security awareness training, and actionable reporting metrics. It is an advanced security testing and training platform designed to reduce risk from IT’s largest attack surface – the end-user.

Mayleen Bywater, Vox

Ransomware and lock-key viruses target the network and endpoints while spear-phishing and whaling target the mail environment and links in documents and attachments that might otherwise be considered as being received from trusted sources. Vox offers solutions that span the security landscape, with a view of being preventative.

Mayleen Bywater.

When we discuss security with our clients, we recommend an ongoing education and awareness programme. Gone are the days where security breaches, viruses and malware is the sole responsibility of the IT department. All end-users, business executives or owners, IT managers and any resource that has access to the network or company email needs to be informed about, and aware of viruses, and the various shapes/ forms they take. The weakest link need no longer be the human element.

According to a security preparedness report commissioned by Fortinet, South Africa´s marketplace and maturity value as it relates to cybersecurity and other security threats is on par with the rest of the world, but we are lagging in response time to security breaches.

Our approach with customers is to start with an audit of the risks to the organisation. Once concluded, we work with the business to develop and deploy security strategies that offer maximum coverage. The flipside of not having enough security is adding too much, which is also not optimal.

We always encourage businesses to take the necessary steps to protect themselves and their data. These include encouraging people to change passwords regularly, backup data (frequently) so that should they be compromised, it can be restored in a clean environment. An offsite or cloud-based backup solution is a worthwhile consideration.

Simeon Tassev, Galix Networking

Not all malware is targeted at all industries and different malware is created to target different enterprises for different reasons. Due to this, we believe in customising malware detection solutions around specific client needs, based on their unique threat profile and various factors such as the size of the business, number of users, types of users and, of course, the industry they operate in.

Simeon Tassev.

One of the biggest challenges customers face today is accessing, understanding and analysing the data produced by their various security – and other – tools in order to proactively prevent security breaches. For this reason, we offer Security Operations Centre (SOC) solutions that analyse data from various sources to generate alerts which help us to advise customers on the adjustments, tools, controls and mechanisms they need to put in place in order to proactively protect themselves.

After an incident, Galix can do a post mortem of the attack to define a plan to prevent similar attacks from happening in future. Proactively, we can offer regular assessments and security testing services which identify gaps in security in order to mitigate the risk of attack.

The processes and best practices required vary between organisations, depending on their specific needs and the industry in which they operate. However, we typically recommend using the Centre for Internet Security (CIS) Top Twenty Security Controls as a standard best practice.

It is vital that all users be educated and made aware of the types of threats available, how to avoid them and how to handle a breach. Security awareness is critical as it is the best form of defence against cyberattack and training should be specific to various employee levels within the business. Customising the training ensures trainees receive only the training that is relevant to their own circumstances.

Riaan Badenhorst, Kaspersky Lab Africa

As cybercriminals are always looking for sophisticated ways to infect users’ devices, or a network of computers within an organisation with malware, we see attacks come in various forms – including viruses, worms, Trojans and spyware, to mention just a few. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe.

Riaan Badenhorst.

The company’s security portfolio includes endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats.

We also offer Security Intelligence Services to corporate customers, as well as the comprehensive integrated Kaspersky Endpoint Security platform, along with a range of specialised, targeted solutions.

There are various ways in which a cyber-attack can occur. In an instance where your business is held to ransom by cybercriminals, we always encourage businesses not to pay the ransom. At Kaspersky Lab we have the latest decryptors and ransomware removal tools that can assist businesses that have been held to ransom to get your digital life back.

Further to this, and when it comes to cyber threats, anyone or any business can be hacked. In order to avoid such attacks, Kaspersky Lab provides a free anti-ransomware tool which is available for all businesses to download and use, regardless of the security solution they have installed.

John Mc Loughlin, J2 Software

I want to start out by saying that it is impossible to put down one piece of technology as a solution to detect all forms of malware – that is Nirvana thinking. And, yes, there are companies out there who will tell you that they can stop it all, but that is nonsense. We cannot detect all forms of malware because nobody knows what all the forms of malware are. Older code is changed, morphed and added to on a continuous basis. Malware and other cyber-attacks change all the time as the attackers find new and devious ways to work their way into networks and systems. We cannot simply deploy a solution (or bunch of solutions) and expect everything to be ok.

J2 Software, from our Cyber Security Centre, stays away from talking about a particular product as a cybersecurity solution to our customers. Working from a point of view of a product solving malware or cyber issues is the old way of doings things and sadly, most organisations still use 20-year-old ‘best practice’ to try and defend against modern and evolving threats.

In order to protect yourself and your organisation we recommend that you apply a monitored, managed and well controlled cyber resilience programme that caters for changes to environment and infrastructure on an ongoing basis. We ensure that our customers start from a position of increased visibility and provide capacity for automation and immediate remediation when an anomaly occurs – not several months down the line, or when their email archive is paraded on the dark web for all to see.

In the case of an attack, as soon as there is an indicator of compromise, our team is already looking at the detail and will confirm if a threat exists. Once the threat is identified it is then immediately remediated. All of these add to the ever growing knowledge base of known breaches and this prevents the same or similar attempts in the future.

Dragan Petkovic, Oracle

The future is autonomous. In March this year Oracle announced its Autonomous Data Warehouse Cloud Service (ADW), the first available cloud service offering from a new category of autonomous cloud services, which is set to expand to Oracle’s entire platform of cloud services, such as security, analytics, innovation, integration and management.

Dragan Petkovic.

This suite of autonomous services is driven by artificial intelligence (AI) and machine learning (ML), which removes the potential for human error, through three foundational elements:

• Self driving – This automates patching, upgrades and tuning, including performing all routine database maintenance tasks while the system is running, without human intervention.

• Self securing – Automatically encrypts all data and provides automatic security updates with no downtime and protection from both external attacks and malicious internal users.

• Self-repairing – Provides automated protection from all planned and unplanned downtime with up to 99.995 percent availability.

This is the first cloud data management solution that offers businesses access to an intelligent enterprise and error free solution, driven by AI and ML. Unlike traditional stagnant security systems, ADW is built with adaptive intelligence, this learning-enabled application detects trends and learns from them.

Best practices in a nutshell

By Riaan Badenhorst, general manager at Kaspersky Lab Africa

Although not a comprehensive list, the steps below can be taken to protect yourself from an attack:

• Remember, prevention is better than cure – make sure that you back up your important files regularly. It is highly recommended that you create two back-up copies: one to be stored in the cloud (using services like Dropbox, Google Drive, etc.) and the other recorded to a physical means of storage (portable hard drive, thumb drive, extra laptop, etc.).

• If it looks too good to be true, it probably is – fine-tune your antispam settings and never open attachments sent by an unknown sender. Remember, malicious links can be sent by your friends on social media, your colleague or online gaming partner whose accounts have been compromised in one way or another.

• Make sure that you have a good online security solution – use a strong antivirus program or security app to protect your devices from ransomware. The security solution must be able to prevent viruses from getting into your device or, should the virus infiltrate your system after all, protect important files.

Should you be hacked through a phishing scam, the following becomes critical:

• Run your antivirus program

• Change your passwords

• Change your passwords on your other online accounts

• Get totally secure: Run an antivirus scan on all connected devices, including your laptop, tablet and smartphone, to make sure attackers aren’t jumping the gap between platforms to infect your devices. Take steps to secure the cloud as well, since it may also contain your personal data.

Understanding user behavior

By Dragan Petkovic, Oracle security product leader, ECEMEA.

To combat modern security threats, many enterprises are turning to security solutions that leverage user behaviour analytics (UBA). By analysing user behaviour and forming a baseline definition of normal, these solutions can notify IT administrators when deviations occur.

Traditional security measures based on protocol analysis and virus signatures continue to be part of every enterprise’s defence system. However, these solutions are more applicable to legacy threats than the modern threats designed to target specific enterprises. Additionally, they cannot cope with savvy users who, for sake of productivity and convenience, often attempt to bypass existing security measures and company policies.

Rather than focusing solely on quickly identifying attack objects, such as viruses and malware or beating the hackers to the punch with early discovery of vulnerabilities in operating systems or browsers, these UBA solutions focus analysis on actions performed by particular users, forming a baseline of normal behaviour and continuously monitoring for deviations from the accepted norm.

By continually assessing the normal behaviour of users, any deviations, including upgrading user privileges, accessing sensitive security settings, and changing security settings can result in an alert being sent to the IT administrator.

Share this article:

Further reading: