By Simon Townsend, Chief Technologist, AppSense
As your customers begin to wind up 2016 and plan ahead, one variable we know will continue into the New Year is the increasing frequency of ransomware attacks. An industry statistic from the Herjavec Group estimates ransomware costs will reach a startling $1 billion for 2016. Organizations around the globe are seeing the effects of ransomware in lost productivity and downtime. Security industry organizations such as the SANS Institute are addressing the ransomware plague and offering sound advice on how organizations can put in place controls that help to prevent these cyberattacks.
The SANS First Five Quick Wins security recommendations speak to establishing controls that offer immediate risk reduction. They address risk mitigation at the endpoint and patch management. These include software whitelisting, secure standard configurations, application security patch installation within 48 hours, system security patch installation within 48 hours, and restriction of administrative privileges when users are browsing the web or handling email. Enterprises should note that these quick wins are just the beginning of SANS’ CIS Critical Security Controls Guidelines, a larger document which recommends longer term improvements in monitoring, automation, metrics, and additional new security controls.
One of the Critical Security Controls guidelines is prioritization: organizations should “Invest first in controls that will provide the greatest risk reduction and protection against the most dangerous threat actors, and that can be feasibly implemented in your computing environment.” The First Five Quick Wins are controls organizations can put in place now to further secure the endpoint. It’s important to remember ransomware gets in through people, not through operating systems. All it takes is one employee opening a phishing email or clicking through a link, and cyber attackers wielding malware or ransomware have the opening they need. The resulting costs can be high, including not only lost productivity and downtime but also the impact on brand reputation and the potential cost of paying the ransom itself.
Looking ahead to another year of new threats, here are five recommended anti-cyberattack tactics, including recommendations pertaining to SANS guidelines on whitelisting, privilege controls, and patch management:
- Dynamic whitelisting — Ransomware and malware get in through executables. Using the trusted ownership model, you can assign privileges to the user to control who can run executables, to prevent unauthorized code execution. It is also possible to build whitelists using the metadata properties of an executable to allow trusted vendors access.
- User context — Employees today are often working at more than one location, and on a variety of devices. User-context-aware security practices take this into account and look at where the person is working, how they are working and what they’re working on, to determine which applications they can execute.
- Endpoint analysis — To control risk, given the variety of devices in use, IT needs to identify all executable files on a target device and group the files into authorized and unauthorized to quickly create policy. Configurations can be deployed to a user, group of users, machine or group of machines. For efficiency, IT can develop quick start configuration templates that integrate corporate governance and security requirements. IT can create templates such as ‘common prohibited items’ to expedite controls.
- Privilege management — The SANS recommendations highlight the risks inherent in users browsing the web or handling email, both ripe opportunities for ransomware attacks. Organizations need to tighten up security controls while still allowing users the flexibility they need to be productive and have a satisfying user experience. The least privilege principle achieves this by applying just the right level of granular administrative rights with little to no negative impact on workflow.
- Patch management — Windows 10 migration demands a patch strategy that ensures both the OS and applications are running the latest version. Because these are cumulative updates, organizations no longer have the luxury of evaluating patches one at a time, so it’s incumbent on IT to have this patch strategy in place. The SANS recommendations set 48 hours as the deadline for both OS and application patch installation.
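The dynamic whitelisting and endpoint analysis items above can be approximated with built-in PowerShell cmdlets, as in the following added example (not AppSense code): it inventories executable files under a folder and groups them into authorized and unauthorized by NTFS owner and by Authenticode publisher. The scan root, the trusted owner list and the publisher pattern are assumed sample policy values, and the owner names assume an English-language Windows install.

```powershell
# Added example: group executables by trusted owner and trusted publisher.
param(
    [string]$Root = "$env:USERPROFILE\Downloads"    # assumed scan root
)

# Assumed policy: accounts whose file ownership is trusted.
$TrustedOwners = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller'
)
# Placeholder publisher pattern, matched against the signer certificate subject.
$TrustedPublishers = @('CN=Example Vendor*')

function Test-TrustedPublisher {
    param([string]$Subject)
    foreach ($pattern in $TrustedPublishers) {
        if ($Subject -like $pattern) { return $true }
    }
    return $false
}

$extensions = '*.exe', '*.dll', '*.msi', '*.ps1', '*.bat', '*.cmd', '*.vbs', '*.js'

$inventory = Get-ChildItem -Path $Root -Recurse -File -Include $extensions -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Owner is empty when the ACL cannot be read; that fails closed below.
        $acl   = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        $owner = if ($acl) { $acl.Owner } else { '' }

        $sig     = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        $ownerOk  = $TrustedOwners -contains $owner
        $signerOk = ($sig.Status -eq 'Valid') -and (Test-TrustedPublisher $subject)

        $decision = 'Unauthorized'
        if ($ownerOk)      { $decision = 'Authorized (trusted owner)' }
        elseif ($signerOk) { $decision = 'Authorized (trusted publisher)' }

        [pscustomobject]@{
            Path = $_.FullName; Owner = $owner; Signer = $subject; Decision = $decision
        }
    }

# Summary per group, then the files a policy would block.
$inventory | Group-Object -Property Decision | Select-Object Count, Name
$inventory | Where-Object { $_.Decision -eq 'Unauthorized' } | Format-Table Path, Owner -AutoSize
```

Files that a standard user downloads or unpacks are owned by that user, so they land in the unauthorized group unless a validly signed binary matches the publisher pattern.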
The year end is when many of your customers are planning budgets and setting objectives for greater security and increased user productivity. By incorporating these five security measures into your technology recommendations, you’re helping customers make strides in fighting costly ransomware attacks and their impact to business continuity, productivity and downtime. Preventing risks at the endpoint, and stopping executables from delivering ransomware into your customers’ environment, is essential to a solid security plan for 2017.
Simon Townsend is Chief Technologist for AppSense, a provider of User Environment Management solutions which deliver unprecedented user productivity while securing and simplifying workspace management at scale across physical, virtual and cloud-delivered desktops. A frequent industry speaker, Townsend has spent most of his professional life specializing in desktop, application and Citrix delivery for some of the largest organizations around the world. AppSense is a LANDESK company.