Intelligent CIO Middle East Issue 59 - Page 84

FINAL WORD on your network – able to benefit and provide security data
• Allow visibility of all your assets : a single view of a device is always weaker than a historical view across your network
Furthermore , with time and numerous IT ‘ temptations ’ ( like letting your kids use your work laptop for browsing ) employees ’ awareness levels can be eroded , leading to an increase in their vulnerability to cybercrime .
What other key threats are remote workforces facing ?
An increased number of staff working remotely presents an opportunity for Business Email Compromise ( BEC ) fraud , as the whole scam relies on communications that are never confirmed in person .
Phishing campaigns are also a threat for all employees whether they are based in-house or remote , but for workers who are unused to working ‘ home alone ’ and are now dealing with an increase in email and other textbased communications , it can be easier for them to lose perspective on what is genuine and what is a scam .
In particular , with a rise in malspam playing on fears of Coronavirus from the ‘ usual suspects ’ like Emotet and TrickBot , remote workers need to be extra-vigilant .
How should organisations plan for a ransomware [ or other ] cyber incident ?
Organisations must rely on a modern , well maintained and properly tuned and trusted security solution . Prevention is key with these attacks . Even if the encryption / data-loss can be mitigated through decryptors , backups or rollbacks , victims still face the problem of their data being posted publicly . We encourage security teams to analyse and
Tamer Odeh , Regional Director at SentinelOne in the Middle East
understand the threats and to take swift and appropriate action to prevent incidents occurring in the first place . Below are the suggestions for the type of training :
• Train staff to habitually inspect links before clicking by hovering over them with the pointer to see the actual URL destination
• Train staff to deny requests to enable macros when opening email attachments . Ideally , use an advanced EPP / EDR security solution that can enforce a policy to prevent macro execution or block malicious content if it is executed by the user . CDR ( Content Disarm and Reconstruction ) software can also help protect against exploits and weaponised content in emails and other external sources
• It is obviously best to prevent the ransomware attack from occurring , as recovery is difficult
What advice would you offer organisations for navigating the prepare , protect , respond and recover stages of an incident ?
To address the security challenges , we believe preparation and protection should :
• Support all your existing OSs , including cloud and VDI ; attackers are always looking for your weakest link
• Include several types of technologies that can detect in parallel to achieve separate security layers
• Not rely on a person to run it effectively , including threat prevention
• Integrate with other security solutions
Unfortunately , there is little one can do to recover files once the system is infected with a ransomware attack , but here are a few tips that can help prevent it from spreading and you to be a victim of a repeat attack .
Steps that can be taken when a ransomware attack happens :
1 . Alert law officials – They probably won ’ t be able to help , but as with any ransom activity , they should be informed
2 . Isolate the infected machine – It ’ s important that the system is taken offline , as they essentially own the machine now and can use it to gain access to other systems on the network .
3 . Don ’ t pay the ransom – As with any form of ransom , one is not guaranteed to get data back and paying could encourage attackers to keep up their lucrative game . In addition , if one pays and actually gets keys once , one may be the target of a repeat ( and potentially more costly ) ransom attack in the future .
4 . Remediate – Run endpoint security software to discover and remove the ransomware software . If it cannot detect the threat , wipe your machine .
5 . Restore – Restore your files with the most recent back-up .
How can organisations best improve their endpoint security ?
It ’ s best if organisations use endpoint security software that protect it against unknown forms of ransomware . One way to do that is through EPP that uses Predictive Execution Inspection Engines that go beyond file-based analysis – even mathematic algorithmic analysis – that observes the actual execution of every system process or thread , in real-time . By understanding the execution behaviours of all applications , programs and processes in real-time , EPP should provide ultimate defence against any type of attack . •
84 INTELLIGENTCIO www . intelligentcio . com