'How to take preventive measures from threats to cyber security/potential hackers'

The threat landscape is ever changing. With the change in motivations behind the attacks from an individual system disruption, service disruption, network disruptions, state sponsored, underground economy, and to the recent ransom extraction, everyone is now forced to review their security measures against their IT systems or infrastructure. Gone are the days where the attacker has to put in reasonable efforts, to do reverse engineering to develop an exploit, after a patch is released for a known vulnerability. With the availability of the tools and exploits online, the attackers have to put in fairly less efforts to improve or construct new exploitations tools for their needs. In order to counter these attacks effectively, one needs to do a thorough review of their security posture. Following are some of the items that help in the journey of improving threat protection measures:

For the organizations:

Risk Management –

Minimizing the adverse impact and need for a strong base in decision-making are the main reasons, organizations implement Risk Management on the IT systems (Ref. NIST publication 800-30).

Changes to IT resource may likely introduce vulnerabilities and change the overall risk status.

Effective Risk Management helps identify what are the more critical or sensitive resources so that, more stringent security controls can be applied or more efforts required to protect.

Integrating the Risk Management into the System Development Life Cycle, help address security at all the stages in the Life Cycle and would yield effective results.

Incident Management -

An effective Risk Management Program includes effective Incident Management and Response capabilities. A Risk, not prevented by the Risk Management Controls establishes an incident. The organizations must have strong Incident Response Team, with clearly defined Roles & Responsibilities and, Incident Management Plans to manage such incidents with an intent to stop it from leading to disaster. The Incident Management is more often a crisis management and hence, the policies and procedures should be clear and to be able to follow easily. The procedures should be periodically reviewed and tested for more effectiveness.

Periodic Review–

The organizations should continuously monitor the Security Metrics and review their effectiveness, periodically. This helps know the effectiveness of the implemented security controls, realign the existing or implement additional controls to manage the Information Security.

Detection / Prevention Tools –

Most organizations would have Intrusion Detection or Intrusion Prevention or both systems in place to detect and protect the network from malicious attacks or breaches. Apart from detecting threats or attacks, the IDS can also be used to identify problems with an organization's security policy, document existing threats, and use the information to update awareness programs to stop users from violating organization’s Information Security Policies.

Fine-tuning these tools regularly to maximize the accuracy in recognizing real threats while minimizing the number of false positives would help detect and defend new & zero day attacks effectively.

Patch Management-

The recent Wannacry pointed out the shortfalls in the patch management. The organizations should revisit their patch management process and extend this to the complete IT systems. The increased attacks on the IoT devices can be addressed by including the Firmware updates in the Organization’s Patch Management process.

Training and awareness –

People are the greatest risk to any organization. Their actions by mistake, accident, lack of knowledge and may be occasionally with malicious intent lead to incidents. Providing periodical trainings on operational knowledge and Awareness campaigns on the information security concepts will help them contribute in the Information Security Management. Include awareness on Handling email attachments, Phishing, Vishing, Click-jack, Social Engineering etc., in the training sessions. Test the effectiveness of the awareness trainings, periodically.

For Individuals / Home Users:

Install a best antivirus, antimalware software and configure it tightly to protect your system. Installing a Firewall or Host Intrusion Prevention System adds extra layer of defense but it requires little extra knowledge to configure the tools effectively.

Use original software for all your needs and keep them updated. If you have to download free / Open Source tools, go to the software developer’s site for downloading them. 3rd party repositories of the free software, may not have proper measures to check the hosted software and you may end up downloading your software embedded with malicious content and infecting your system.

Be cautions on the email attachments. Do not open unknown email attachments.

Backup your files to an offline storage and test them regularly to check the integrity of the files and they can be recovered in any adverse event.

Rama Krishna
MD, Bodhtree