As we’re moving into the summer months, I prepared for you a round-up of key trends in cybersecurity that I’ve observed in recent weeks. Some of these came as a result of our webinar not long ago.
Here is all you need to know about the threat landscape right now, with 3 practical steps at the end of this post.
Here is what you need to know about enterprise security right now.
We asked cybersecurity expert Alex Weinert for his insights on the current threat landscape. Here are his thoughts and advice for you:
Ransomware should no longer be considered just a cyberattack – it is clearly made for profit, as are other incidents.
Hackers even disclose some industry configuration details for other attackers to use in their attempts. You could practically get 24/7 support for performing your own cyberattack if you wanted.
It’s big business, and it should be treated as such.
Last April, Microsoft took down 2000 fake logon sites for Office 365 in just one day. Bad actors take quite an opportunistic approach, targeting mainly small businesses with COVID-relief packages.
If it seems like the bad guys are getting organized, it’s because they are. In fact, you’ll likely find instructions on how to create a phishing email sooner than instructions on how to identify one.
Everyone assumes it won’t happen to them – it will. It might already be happening.
The security perimeter has changed. Your users are now the weakest point of your network. In addition to protecting identities, you need to make sure every employee knows they’re part of the threat environment. Make them part of the solution, instead of the problem.
It doesn’t mean you need to make everyone an expert, but everyone at your organization should have a baseline understanding of best practices. Security is everyone’s business.
The Zero Trust approach puts identities at the core of your security. It works on the principle of continuous access evaluation.
You can use tools like Microsoft Graph Security to assess a user’s threat profile at every request. If anything has changed – permissions, resource, connection, device, or anything else – reauthentication is triggered.
It’s not just about access and passwords – Zero Trust also applies to developers and apps. When building a new product, we need to think about how to embed security within. It needs to be a part of the package, not an add-on.
Here you can read more about Zero Trust.
The technology to help your business stay secure is already there. In fact, often organizations have too much technology in place, already paid for, but they’re not making the most of it.
Your attitude to risk is what can make the difference between an incident and a disaster.
There are easy things you can implement today to make your network safer:
Here is what you can start doing today to improve your organization’s preparedness when it comes to cyberthreats.
If you want to stay in business, you need to make security the top priority for your company. It means you’ll need to be an internal salesperson, to get the buy-in from the decision-makers. Some practical advice:
Remember the key principle: observe – orient – decide – act.
You can’t act until you understand what’s happening. Acting before that point wastes effort.
Your tools are only as good as your configuration. Specify the key assets to protect and make sure you’ve got your basics sorted out, like offline backups and an incident response procedure.
One of my favorite quotes goes: “all of this has happened before, and will happen again”.
So be prepared for the future. Address the basics. Know who has access keys to the backups, and whom to contact when you need help getting back online.
Here’s the thing about cyberattacks – most organizations will only deal with them once. This means there’s nowhere to get experience with them ahead of time.
But you no longer need a large in-house cybersecurity team. Services like Azure Security Center and Azure Sentinel can provide crucial SIEM and SOAR capabilities.
Even better, security tools – and consultants – are available as a service, like the one we offer: Managed Security Operations Center. Take advantage of it and don’t fight your battles alone.