Cybersecurity: Threats & Mitigation Video 4 of 4
Updated: Jul 2, 2018
-- Transcript --
Backup is actually one of the most important steps that you should take with your IT system, whether it is a server or personal data on your computer. Because, knowing that you have a good copy of the data or programmes somewhere safe, hopefully isolated from your system, you can solve a lot of problems. Even if your entire IT system is wiped out, you still have backup data somewhere, on a separate thumb drive at home, burned onto some CDs, or in some remote storage which is very secure, then you are fine.
So, firstly, backup is a good practice, whether it is automatic or you do it manually. More importantly, keep multiple versions of the backup, preferably naming them with a time stamp or storing them with different version numbers and so on. Because, even if you have automated backup like Google Drive or Dropbox, which are auto-synced, when you write a local copy on your computer, it synchronises automatically to the file in Google Drive. If you rename the file, your file in the cloud will be renamed. If you encrypt your file, the copy on your Google Drive or iCloud will also be encrypted. So, it is as bad as no backup at all unless there are multiple versions of the backup at another isolated place. If you are unable to do it yourself, you can engage data backup service providers to do it for you.
The second method is blocking. I believe most of your PCs or laptops will have antivirus. Antivirus typically works by using signatures, so every single piece of malware like a virus or ransomware will be recognised and blocked. Once enough information or samples of that malware are collected, they will be added as signatures and your computers are protected from this malware. However, ransomware keeps changing and they cannot cope with the rapid changes. Even though our clients are using very reputable antivirus software, they still got infected. So you will need something else to complement your antivirus, which preferably is another software that works on the basis of blocking unknown programmes. The concept is, rather than trying to detect who is the “bad guy”, the programme only allows a list of “good guys” or recognised software to run on my computer. Anything that is not in my list, I block. This is a different concept and it works very effectively against unknown malware.
Keeping system software up-to-date makes it harder for malware to infect your computer. A lot of the time a computer can get infected by ransomware because of a curious user who clicked on an email link and downloaded the software, not knowing that it is ransomware. It might also harm the other computers which are on the same network. If your software is up-to-date, typically it is harder for ransomware to infect your PC. Basically, just be cautious and stop being too curious whenever you see something unrecognised. Also, organisations should promote security awareness by running a related programme among employees.
When it comes to backup at the enterprise level, should you be looking at private enterprise backup or managed cloud backup? There are pros and cons to both. For private enterprise backup, you need to have your own storage hardware, host it yourself on your own company premises or in any of your authorised data centres, and enjoy full control of the data, with an optional data encryption service. Of course, when you invest in this kind of backup solution, it involves Capex and requires internal expertise. On the other side, there are providers of managed cloud backup, with which an SME does not need internal expertise to manage data backup tasks. Data encryption is recommended. Imagine your company has a lot of private documents, like your legal documents and payroll documents, which you auto-sync to Google Drive; do you know that all the documents are actually not encrypted on the cloud? So you need a solution where you can locally back up using only the password that you know. Then the moment the data is backed up in the cloud, it will be encrypted. For example, with Google Drive, you have to trust Google employees, or you might really want to encrypt your important documents before you upload them into your Google Drive.
Now, we are trying to promote whitelist-based protection. Antivirus is basically blacklist-based protection, where you blacklist the unauthorised programs. A whitelist works differently: firstly, all the authorised programmes like Microsoft Office, customised banking solutions or other authorised corporate programmes are white-labeled and then go into your corporate whitelist. So, with this you do not need to worry about unknown software anymore, because anything which is not in your corporate whitelist will be banned. What if the whitelist is not updated? It is not as bad as your blacklist not being updated, as the software can later be authorised by your IT administrator. So, not being able to run a piece of software for a short time before your corporate admin updates it is still much better than your network getting infected. In e-Lock, we have developed solutions like this, which complement your antivirus software, not replace it.
Another thing: how do I know that someone is tampering with my data? Basically, we are looking at prompt mitigation, which requires early detection. Because if someone is in your system, it is difficult for that person not to alter the data. There are 2 approaches to monitoring the integrity of your system:
One of them is on-premise integrity monitoring, by deploying networks of agents to monitor any authorised or unauthorised changes. Let’s say, why has this piece of server configuration been changed? Who changed it? Why is my web data missing or being tampered with? Our integrity monitoring software, WebALARM, can act in real time and you can choose to perform automatic recovery in the event of a data violation. You will get alerted about the changes, and the beauty is the automatic recovery of data. So this is another possible approach to early detection of data violations.
Another part is, let’s say you do not have any IT people to maintain or install these things; you probably want to have an external view of your website. Large corporates usually have a so-called “intrusion detection system”, but do you know that there are 2 ways of hacking your website? First, by hacking your website directly, which is tougher because of all the security features. Another, easier way is to hack your domain provider by poisoning the DNS, making a website, for example e-Lock’s website, go to my own server. Without hacking e-Lock, those people who browse for e-Lock’s website will see the “hacked” e-Lock website. So, any system that you have within your organisation may not be enough; you need a monitoring system which is external, preferably global if you have a global presence. Because DNS poisoning or cache poisoning might be local, which will only affect visitors from a certain country. For example, sometimes when I check my website in Malaysia, it looks OK, but someone browsing from the USA may see a different page. So you need an external monitoring service that will help you monitor your page. A solution such as our very own ScanMyPage monitoring service can be deployed for this purpose.
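The integrity monitoring with automatic recovery described in the transcript, combined with its earlier point about keeping multiple timestamped backup versions, as an added example that is not code from e-Lock, WebALARM or the video: it records known-good hashes of a site's files, detects modified or missing files, and restores each one from the newest snapshot that still matches the baseline, skipping a later snapshot that already captured the tampered data (the auto-sync failure mode). All paths, file contents and timestamps are constructed for the demo.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def take_baseline(root: Path) -> dict:
    # Known-good hash of every file under root, recorded while the data is trusted.
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def check_integrity(root: Path, baseline: dict) -> dict:
    # Map each violated relative path to "modified" or "missing".
    findings = {}
    for rel, good in baseline.items():
        p = root / rel
        if not p.exists():
            findings[rel] = "missing"
        elif sha256_of(p) != good:
            findings[rel] = "modified"
    return findings

def recover(root: Path, backups: Path, baseline: dict, findings: dict) -> dict:
    # Restore each violated file from the newest timestamp-named snapshot whose copy
    # still matches the baseline; a snapshot taken after the tampering fails that check.
    restored = {}
    for rel in findings:
        for snap in sorted(backups.iterdir(), reverse=True):
            candidate = snap / rel
            if candidate.is_file() and sha256_of(candidate) == baseline[rel]:
                shutil.copy2(candidate, root / rel)
                restored[rel] = snap.name
                break
    return restored

def demo() -> tuple:
    # Constructed scenario: clean snapshot, tampering, then a snapshot of the tampered data.
    with tempfile.TemporaryDirectory() as tmp:
        site, backups = Path(tmp) / "site", Path(tmp) / "backups"
        site.mkdir(); backups.mkdir()
        (site / "index.html").write_text("<h1>Welcome</h1>")
        (site / "config.txt").write_text("debug=off")
        baseline = take_baseline(site)
        shutil.copytree(site, backups / "20180701T000000")
        (site / "index.html").write_text("<h1>Defaced</h1>")  # simulated tampering
        (site / "config.txt").unlink()                        # simulated deletion
        shutil.copytree(site, backups / "20180702T000000")
        findings = check_integrity(site, baseline)
        restored = recover(site, backups, baseline, findings)
        return findings, restored, check_integrity(site, baseline)
```

Running `demo()` reports both violations, shows each file restored from the older clean snapshot rather than the newer tampered one, and returns an empty findings dictionary after recovery.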
Tired of chasing shadows when combating ransomware threats? ARWARE offers an alternative method to protect your IT assets via application whitelisting. Click HERE to find out more or contact us for a presentation.
Is your IT team stretched to the limit and yet still expected to stay on top of the cyber security threats that may affect your business operations? How about having our Managed Security Services (MSS) team off-load some of your IT security responsibilities without having to further grow your team at considerable cost? Email firstname.lastname@example.org for an appointment to present our MSS offerings and solutions.