How to Minimize Risks of Cybersecurity Attacks: Reactive vs Proactive Approach
In the following blog post, we will talk about the recent malware attack, how “ultimate” security solutions may harm your business, and how a proactive approach to security can help prevent and minimize security risks.
Don’t Panic – You Need a Plan
While companies are still struggling to recover their infrastructure and deal with losses, the latest cyberattack was a clear signal of how vulnerable organizations are to such attacks. It is now the ultimate challenge for CEOs and IT managers of any company to mitigate the risk of future nightmares like this one.
Many security system integrators have jumped on the NotPetya ransomware bandwagon, offering proprietary security solutions to their clients. Most of these solutions are proclaimed to be the ultimate “silver bullet” for each and every existing security issue. At the same time, according to the world’s best cybersecurity practices, a universal remedy against cyberattacks does not exist yet, other than disconnecting the device from the Internet. Security integrators, who in most cases are merely resellers of security software or hardware, offer a reactive approach to cybersecurity.
The major difference between reactive and proactive, whether in approach, thinking, or strategy, is the following. Our behavior is reactive when we take action in response to an unanticipated adverse event that has already happened. Quite apart from the consequences and the damage mitigation, a reactive approach limits our vision to the one vulnerability that has been revealed, leaving us exposed to a host of other risks. It does not even allow us to eliminate this one known vulnerability properly, because we consider it from the victim’s perspective rather than the attacker’s, and can easily be mistaken in our countermeasures. On the contrary, being proactive means thinking ahead of events and from a much broader perspective.
So, let’s review why a reactive approach to cybersecurity doesn’t work, why a proactive approach is better, and what the real ways to reduce the risks are.
Downsides of Reactive Approach
A strong indication of a reactive approach is a focus on the particular vulnerabilities, exploits, schemes, and conditions that led to the cyberattack. For example, one of the security measures against NotPetya malware offered by security integrators is the isolation of dangerous applications such as the compromised M.E.Doc software, which was the primary source of the outbreak. We don’t deny the weakness of the M.E.Doc update model and the dangers of such supply chain methods; however, such software is only one of many weak spots that could potentially lead to incidents.
If you only focus on past oversights, you won’t be ready for new problems. Most likely, old loopholes will be irrelevant to the next cyberattack. Temporary one-off solutions, such as deploying security hardware and software focused on one specific problem, give a fragmented and/or short-term effect and solve security problems only erratically. The reactive approach is never a strategy. While patching the major vulnerabilities is not enough, shifting the focus to the minor ones is largely redundant.
Meanwhile, security integrators ignore other risks, such as the human factor, which is the main source of the cybersecurity threats that lead to intrusions and data leaks. Thus, a reactive approach can be a sign of a security integrator’s purely financial interest. All of this renders the reactive approach ineffective and not the best proposition.
According to best cybersecurity practices, optimal security is achieved through risk assessment and the continuous support of security processes, in addition to one-off measures and the patching of large loopholes. Security management is a complex, systematic process dealing with all aspects of a company’s activities: from personnel hiring and termination to vendor management, from security equipment deployment and secure software development to business continuity management, from data backup to event monitoring and incident response.
This is where a truly proactive approach comes into play.
Benefits of Proactive Approach
Infopulse shares the opinion of the cybersecurity community that, in the long run, it is much better to apply a proactive approach to security processes and management. While a proactive, systematic approach requires more time and resources than purchasing new security equipment, it gives companies a clearer understanding of their security problems along with a rational justification for investments in security solutions.
There are many time-tested standards and best practices for company security management, the primary ones being NIST, PCI DSS, ISF SoGP, ISO 27000, OWASP, ITIL and some others. However, if adopted imprudently, these standards may be too complex and raise the concern among business owners that they will be bogged down in bulky documentation and organizational processes.
Of course, we have experience in implementing ISO 27000, ISF SoGP, ITIL and other standards, and can help adopt and customize them for anyone’s needs. However, the security maturity of customers is not always high. Not all of them are ready to dive deep into processes, procedures, records, and metrics. Some companies prefer an approach to IT security that is systematic and, at the same time, simple.
A quick alternative, an optimal “recipe for IT security”, can be found in a relatively small document called “The CIS Critical Security Controls for Effective Cyber Defense”, originally developed by the SANS Institute and continuously updated by the Center for Internet Security – a non-profit organization run by representatives of US companies and institutions.
The document contains 20 groups of activities at a technical rather than organizational level:
- Inventory of Authorized and Unauthorized Devices.
- Inventory of Authorized and Unauthorized Software.
- Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers.
- Continuous Vulnerability Assessment and Remediation.
- Controlled Use of Administrative Privileges.
- Maintenance, Monitoring, and Analysis of Audit Logs.
- Email and Web Browser Protections.
- Malware Defenses.
- Limitation and Control of Network Ports, Protocols, and Services.
- Data Recovery Capability.
- Secure Configurations for Network Devices such as Firewalls, Routers, and Switches.
- Boundary Defense.
- Data Protection.
- Controlled Access Based on the Need to Know.
- Wireless Access Control.
- Account Monitoring and Control.
- Security Skills Assessment and Appropriate Training to Fill Gaps.
- Application Software Security.
- Incident Response and Management.
- Penetration Tests and Red Team Exercises.
Thus, as a compromise between a full-scale process and procedural approach and the “silver bullet” one-off approach, we propose using this set of controls, which is aimed at strengthening the security of IT infrastructure.
Security Strategy and Infrastructure Hardening
Infopulse has successfully implemented and integrated proactive approaches in projects for our clients worldwide. One of our latest projects is the “My ZNO” mobile app, which allows students to get the results of the nationwide state external testing on the go. The release of the external testing results, and thus the peak of app usage, coincided with the days of the NotPetya attack. The “My ZNO” application and our company’s infrastructure were unaffected, as Infopulse strictly adheres to security guidelines and processes.
Risk assessment is currently the only way to optimize spending on the security equipment and software that prevents malware outbreaks and other security incidents. Being competent in security audits, penetration tests, risk assessment, security monitoring, infrastructure hardening and other security areas, Infopulse is always ready to share its experience.
We help our customers apply “smart” approaches to infrastructure hardening. We use methods of building internal security without overpaying for solutions that do not always address new and forthcoming issues and attacks. Infopulse helps clients develop tailor-made solutions suited to their specific business needs, which can increase the security of the whole IT infrastructure and, in particular, strengthen protection against malware.