As Cisco’s former CEO John Chambers famously said, there are only two types of companies – those that have been hacked and those that don’t know they have been hacked. Though cyberattacks make headlines almost daily, the average time taken to detect a breach in the Middle East region is estimated to be a whopping 469 days, as compared to the global average of 146 days. And this boils down to the absence of basic cyber hygiene, which could have helped businesses in the region to combat some of the breaches we have seen this year.
But can basic cyber hygiene help you prevent serious threats such as ransomware and DDoS?
“Every organisation should focus on two cybersecurity fundamentals: Understand what’s going on, and know the simple actions you can take to facilitate better cybersecurity in your environment. We can leverage the network to enable both of these fundamentals. Lax company privacy measures and poor cyber hygiene make a hacker’s job easy and make us all prime targets. For example, big attacks such as last summer’s WannaCry and Nyetya attacks were completely preventable on devices which had the Windows upgrade that fixed the vulnerability. Yet hundreds of thousands of people didn’t apply the patch! Installing updates only takes a few minutes, so commit to making this part of your daily routine,” says Scott Manson, Cybersecurity Lead – Middle East and Africa, Cisco.
Rick Holland, VP Strategy, Digital Shadows, says that as ransomware targets and prevents access to data, regularly backing up data and verifying its integrity is crucial. “Ensure that backups are separate and remote from the main corporate network and the machines they are backing up – that way, if you are the victim of a ransomware infection, you can still retrieve your files as copies are stored elsewhere. Cloud-based or physical backups are recommended, but be aware that some ransomware can encrypt data on cloud-based backups when systems continuously back up in real time,” he warns.
Werno Gevers, Business Development Manager – Middle East, Mimecast, says though good cyber hygiene is an important element of protecting individuals and organisations from such attacks, it’s only one piece of the puzzle. Serious risks such as ransomware need to be handled with serious strategies, so it’s important to make procedural changes within an organisation and have the right technical abilities and user education in place.
He adds that the first step towards cyber hygiene would be to implement an effective cyber safety awareness training programme, to educate employees about cyber risks and the prevention of targeted attacks. It’s then up to the individual to ensure that they follow best practices so they minimise the chances of falling victim to ransomware. This would include limiting what they share online to prevent social engineering and impersonation fraud, and being more aware of the signs of a malicious attack, such as recognising phishing URLs or illegitimate email addresses.
Harish Chib, VP, Middle East & Africa, Sophos, says staying secure against serious threats isn’t just about having the latest security solutions. Good IT security practices, including regular training for employees, are essential components of every single security setup. “Patch early, patch often. Malware that doesn’t come in via a document often relies on security bugs in popular applications, including Microsoft Office, your browser, Flash and more. The sooner you patch, the fewer holes there are to be exploited.”
So, what are some of the basic regular cyber hygiene practices organisations should be following?
Roland Daccache, Senior Regional Sales Engineer, MENA, Fidelis Cybersecurity, says the basic cyber hygiene practices remain educating the user, developing a process for software installation, identifying vulnerable applications, continuously patching, backing up critical data, using industry-accepted standards in firewall and endpoint configuration, and limiting user privileges. “The list goes on and on; however, the aforementioned are by far the most relevant measures in terms of urgency.”
Morey Haber, Vice President of Technology, BeyondTrust, says that in addition to patch management, the management of privileged credentials required to access sensitive systems and information is of utmost importance. “Remove all unnecessary administrator rights from servers, workstations, and network devices. Most malware cannot take hold of a system without administrative privileges and if all systems have unique passwords, lateral movement can be contained from a threat.”
Kamel Heus, Regional Manager – MEA, Centrify, agrees: “Many cyberattacks rely on administrative privileges. As so many attacks are successful, it’s plain that administrative rights are not being controlled adequately, and privileged credentials are being compromised.
“No one should log on as an administrative user unless they have a real need – no e-mail or internet browsing should be done from accounts with administrative rights. This will mitigate damage from many (spear)phishing attacks.”
Industry pundits agree that good cyber hygiene is the cornerstone of an effective security architecture for any enterprise. CISOs must constantly review practices, educate their employees on those practices, and lead the fight back against hackers with better cyber hygiene.