8 Steps To Protect Your Organization Against Cyberattacks
I seldom write about IT or cybersecurity, but today I decided to make an exception.
There have been several widely reported ransomware and software supply-chain attacks recently. The attacks against Colonial Pipeline and SolarWinds were eye-opening to many. The attack against Kaseya affected, according to the vendor, 1,500 organizations worldwide. The villains found a clever way to extend their reach: instead of breaking into one company at a time, they attacked a vendor that provides tools for managed service providers (MSPs), so that a single compromise flowed downstream to the MSPs' many customers. Even my local golf club got hit in the Kaseya attack.
Ransomware attacks are nothing new, but what is new is that criminals are now better organized and have a larger and more devastating impact. They have also aligned their demands with how much their victims are prepared to pay.
You can never fully protect yourself, but you can make it harder to become a victim. Perhaps it's like when burglars scout houses to rob, avoiding the ones with high security. Here are eight ways to make sure that your "house" has a decent level of security:
- Scrutinize the tools you're using and think about how to compartmentalize your environment so that one compromised tool or network segment cannot take everything down with it. Think like the U.S. Air Force, which deliberately operates two separate fleets of tanker aircraft from different manufacturers. If one type is grounded by a defect, the other can still fly and refuel in the air, and the operational capability remains intact. Diversity of suppliers and separation between systems limit the blast radius of any single failure or attack.
- Make sure all your systems are updated -- that's probably the best protection against being attacked. But remember that the update channel itself is an attack surface, so also make sure that the updates you install have not been tampered with (as happened to Kaseya's customers). Most routine updates don't need to be installed the same day; you can often wait a week or two while you watch for reports of problems, though a patch for a vulnerability that is already being exploited in the wild should go in as quickly as you safely can. For business-critical systems, install updates in an isolated test environment first. Last, confirm that an update really was published by your vendor: check its digital signature or compare its checksum with the value the vendor publishes through a separate channel, and when in doubt, phone the vendor and verify before installing.
- Practice rolling back updates so that you're comfortable doing it on servers, personal computers, SANs, firewalls, routers, etc. When an update turns out to be faulty or malicious, a quick, rehearsed roll-back can limit the damage.
- Make sure that everyone uses strong, unique passwords and that multi-factor authentication is enforced, especially for administrators and remote access. Best practice is that administrators do their everyday work from individual, named accounts with the lowest level of access that work requires. When they need higher privileges, they should switch to a separate administrative account reserved for that purpose, or have their access elevated temporarily for the task at hand, and then return to the low-privilege account for regular work. An attacker who phishes an administrator's everyday account then gets far less than the keys to the kingdom.
- Separate your backups so that they cannot be reached, altered or deleted by someone who has full access to your production environment: keep at least one copy offline or in immutable storage, protected by credentials that are not used anywhere in production. Ransomware attacks routinely go after the backups first, but if yours are separated and intact, you can get back to business much quicker. Rehearse restoring your systems from those backups, and time it, so you know exactly what to do, and how long it takes, when it matters. A backup that has never been restored is only a hope.
- Create a map of which systems are business-critical and what your alternatives are if they become unavailable during an attack. That might mean falling back to manual routines or switching temporarily to alternative systems that you can bring up within a known number of hours.
- Evaluate your vendors on how seriously they take cybersecurity and how prepared they are. We are all in this together and no chain is stronger than its weakest link.
- Educate your staff in cybersecurity so they understand how to act: which websites to avoid, what information never to hand out, and how to recognize phishing e-mails and where to report them.
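To make the "verify before you install" step above concrete, here is an added example (not from the original post) of the simplest gate a practitioner can put in front of an update: compute the package's SHA-256 digest, compare it with the value the vendor published through a separate channel, and only then copy the package into the isolated test environment's staging directory. The file names, directory names and the "published" digest are all constructed for the demo; a real vendor's digest would come from their signed release notes or be read back to you on the phone.

```shell
#!/bin/sh
# Added example: refuse to stage a vendor update unless its SHA-256 digest
# matches the value the vendor published out of band. All paths and the
# demo package contents below are constructed for illustration.

set -eu

# Portable SHA-256: coreutils sha256sum on Linux, shasum on macOS/BSD.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_update FILE EXPECTED_DIGEST
# Returns 0 when the file's digest matches the published one, 1 otherwise.
# Digests are lower-cased first because vendors publish them in either case.
verify_update() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published digest"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  published: $expected" >&2
    echo "  computed:  $actual" >&2
    return 1
}

# stage_update FILE EXPECTED_DIGEST STAGING_DIR
# Copies the package into the test environment's staging directory only
# after verification; on a mismatch the staging directory is left untouched.
stage_update() {
    if verify_update "$1" "$2"; then
        mkdir -p "$3"
        cp "$1" "$3/"
        return 0
    fi
    return 1
}

# Demo with constructed data: build a fake update package, record the digest
# the "vendor" would publish, then tamper with a copy the way a compromised
# distribution point would.
demo_dir=$(mktemp -d)
printf 'vendor-update 1.2.3 (constructed demo content)\n' > "$demo_dir/update.bin"
PUBLISHED_DIGEST=$(sha256_of "$demo_dir/update.bin")
cp "$demo_dir/update.bin" "$demo_dir/update-tampered.bin"
printf 'extra payload\n' >> "$demo_dir/update-tampered.bin"

stage_update "$demo_dir/update.bin" "$PUBLISHED_DIGEST" "$demo_dir/staging"
if stage_update "$demo_dir/update-tampered.bin" "$PUBLISHED_DIGEST" "$demo_dir/staging"; then
    echo "unexpected: tampered package was staged" >&2
fi
```

A digest check only proves that the file you hold is the file the vendor described; it does not prove the vendor's own build was clean, which is why the isolated test environment and the roll-back practice above still matter. Where the vendor signs releases, verifying the signature with the vendor's public key (which you obtained and pinned earlier, not from the same download) is the stronger check, and the same gate structure applies.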
It's a dangerous world out there. Follow these steps and together we can make it a little bit less scary.
Posted by Per Werngren on September 02, 2021