Reality has a way of asserting itself, no matter what personal or business choices we make, good or bad. For example, very recently, the services of the city of Antwerp in Belgium fell victim to a highly disruptive cyber attack.
As usual, people cried foul and suggested that appropriate cybersecurity measures should be put in place. And, as usual, that advice came a little late. There is nothing special or unique about the attack, nor will it be the last of its kind.
So why are we in IT still whistling happily and continuing as if nothing happened? Is everyone’s disaster recovery plan really that good? Are all security measures in place – and have they been checked?
Let’s do a quick recap (what to do)
First, we’ll cover the basics. Implement proper user training, including the usual things such as password hygiene, limiting account sharing, and clear instructions not to open untrusted emails or visit suspicious websites. It is an uncomfortable fact, but human behavior remains the weakest link in cyber defense.
On the infrastructure side, you can’t protect what you don’t know exists, so start with a proper inventory. Next, implement network segmentation to divide traffic into the smallest practical segments.
Simply put, if a server does not need to see or communicate with another server, it should not share a VLAN with it, and that rule should have no exceptions. Remote access should move from traditional VPN access to Zero Trust networking alternatives.
Everything should be encrypted, even if the communication is internal only. You never know what has already been compromised, so someone may be eavesdropping when you least expect it.
Finally, prevent users from connecting arbitrary devices to the network. Disable unused switch ports and restrict WiFi access to known devices. Users will complain, but that is the tradeoff. In any case, exceptions should be kept to a minimum.
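The inventory and segmentation advice above only pays off if someone actually checks that the network behaves the way the policy says it should. The following is an added example, not code from the original post: it takes a zone map (the inventory), an allow-list of permitted cross-zone flows (the segmentation policy), and a handful of constructed connection records, and reports every flow the policy does not permit plus every host that is not in the inventory at all (the rogue device plugged into a spare port). The zones, ports and log format are hypothetical.

```python
"""Segmentation policy check over connection records (added example).

Zones map the inventory to address ranges; ALLOWED lists the only
cross-zone flows the policy permits. Anything else observed on the
wire is a violation, and any address outside every zone is a device
nobody inventoried.
"""
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical zone map (in practice: exported from the asset inventory / IPAM).
ZONES = {
    "web":   ["10.10.1.0/24"],
    "app":   ["10.10.2.0/24"],
    "db":    ["10.10.3.0/24"],
    "print": ["10.10.9.0/24"],
    "mgmt":  ["10.10.100.0/24"],
}

# Hypothetical allow-list: (source zone, destination zone, destination port).
ALLOWED = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("mgmt", "web", 22),
    ("mgmt", "app", 22),
    ("mgmt", "db", 22),
    ("mgmt", "print", 22),
}

# Constructed sample records in a simple key=value format (not real traffic).
SAMPLE_FLOW_LOG = """\
src=10.10.1.5 dst=10.10.2.7 dport=8443 proto=tcp
src=10.10.2.7 dst=10.10.3.9 dport=5432 proto=tcp
src=10.10.1.5 dst=10.10.3.9 dport=5432 proto=tcp
src=10.10.9.4 dst=10.10.3.9 dport=445 proto=tcp
src=192.168.50.23 dst=10.10.2.7 dport=22 proto=tcp
src=10.10.100.2 dst=10.10.1.5 dport=22 proto=tcp
"""

_LINE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) proto=(\S+)")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def parse_flows(text: str) -> list:
    """Parse the sample format; skip lines that do not match."""
    flows = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            flows.append(Flow(m.group(1), m.group(2), int(m.group(3)), m.group(4)))
    return flows


def zone_of(ip: str, zones=ZONES):
    """Return the zone name an address belongs to, or None if uninventoried."""
    addr = ipaddress.ip_address(ip)
    for name, nets in zones.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return None


def check_flows(flows, zones=ZONES, allowed=ALLOWED):
    """Return (violating flows, sorted list of addresses outside every zone)."""
    violations, unknown = [], set()
    for f in flows:
        sz, dz = zone_of(f.src, zones), zone_of(f.dst, zones)
        if sz is None:
            unknown.add(f.src)
        if dz is None:
            unknown.add(f.dst)
        if sz is None or dz is None:
            violations.append(f)      # traffic involving an uninventoried host
            continue
        if sz == dz:
            continue                  # same segment: hosts there are meant to talk
        if (sz, dz, f.dport) not in allowed:
            violations.append(f)      # cross-zone flow the policy never permitted
    return violations, sorted(unknown)


if __name__ == "__main__":
    bad, rogue = check_flows(parse_flows(SAMPLE_FLOW_LOG))
    for f in bad:
        print(f"VIOLATION {f.src} -> {f.dst}:{f.dport}/{f.proto}")
    for ip in rogue:
        print(f"UNKNOWN HOST {ip}")
```

Feed it real flow exports (NetFlow, conntrack, firewall logs) and the output is the list of conversations that either need a policy entry or a cable pulled. Intra-zone traffic is deliberately ignored: if two hosts share a segment, the policy has already decided they may talk.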
Patching your server is really important
Switching to servers, the main advice is to update everything via patches. This is true for open public servers, such as web servers, but it is also true for hidden print servers in cabinets.
An unpatched server is a vulnerable server, and a single vulnerable server can bring down a fortress. If patching on a daily basis is too disruptive, look at alternatives such as live patching and use them wherever you can.
Attackers are resourceful and do not need much help from you, so plug as many holes as you can, the sooner the better. With live patching you no longer have to ration reboot windows and argue about which vulnerability gets fixed first, because the fixes can go in as they arrive. Two caveats remain: not every fix can be applied live (some still require a reboot), and live patching does not replace vulnerability assessment; you still need to know what is exposed.
Proactive approach
If a server has no reason to exist, deactivate it or delete the instance. Whether it’s a container, virtual machine, cloud instance or node, act as soon as possible. Otherwise you will forget about it until it is breached, and by then it is too late.
Therefore, maintain a proactive approach. Stay up to date with the latest news and security threats. While “named” vulnerabilities receive disproportionate attention, it is often one of the multitude of ordinary vulnerabilities that hits the hardest. A vulnerability management tool can help you keep track.
Establish a disaster recovery plan, starting from the simple premise of “what if we wake up tomorrow and none of our computer systems work?”
Answer the following questions: How quickly can we get basic services up and running? How long does it take to restore a full backup of our data? How often do we test our backups? Is the service deployment properly documented, even if only as a hardcopy of the Ansible playbooks? What are the legal implications of losing our systems, data or infrastructure for a few weeks?
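“How often do we check backups?” only has a useful answer if checking is automated, and a check means a restore, not a directory listing. The following is an added example, not code from the original post: it writes a tar backup together with a SHA-256 manifest, then proves the backup restores by extracting it into a scratch directory and comparing every file against the manifest. The sample files are constructed in a temporary directory; the archive and manifest names are hypothetical.

```python
"""Backup manifest and restore verification (added example).

make_backup() archives a directory and records the hash of every file.
verify_restore() actually restores the archive into a scratch directory
and reports missing, changed or unexpected files, which is the test a
recovery plan needs to run on a schedule.
"""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src_dir: Path, archive: Path, manifest: Path) -> dict:
    """Archive src_dir and write a manifest of relative path -> sha256."""
    hashes = {}
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(src_dir.rglob("*")):
            if p.is_file():
                rel = p.relative_to(src_dir).as_posix()
                hashes[rel] = sha256_file(p)
                tar.add(p, arcname=rel)
    manifest.write_text(json.dumps(hashes, indent=2))
    return hashes


def _safe_members(tar: tarfile.TarFile, dest: Path):
    """Yield members, refusing any whose path would escape dest."""
    root = dest.resolve()
    for m in tar.getmembers():
        target = (dest / m.name).resolve()
        if target != root and root not in target.parents:
            raise tarfile.TarError(f"path escapes destination: {m.name}")
        yield m


def verify_restore(archive: Path, manifest: Path) -> list:
    """Restore into a scratch directory; return a list of problems (empty = OK)."""
    expected = json.loads(manifest.read_text())
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch)
        try:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extractall(dest, members=_safe_members(tar, dest))
        except (tarfile.TarError, OSError, EOFError) as e:
            return [f"archive unreadable: {e}"]
        for rel, digest in expected.items():
            p = dest / rel
            if not p.is_file():
                problems.append(f"missing: {rel}")
            elif sha256_file(p) != digest:
                problems.append(f"hash mismatch: {rel}")
        restored = {p.relative_to(dest).as_posix() for p in dest.rglob("*") if p.is_file()}
        for extra in sorted(restored - expected.keys()):
            problems.append(f"unexpected file: {extra}")
    return problems


def demo() -> tuple:
    """Back up constructed sample data, verify it, then verify a silently corrupted copy."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "data"
        (src / "notes").mkdir(parents=True)
        (src / "config.yml").write_text("db: prod\n")          # constructed sample file
        (src / "notes" / "runbook.md").write_text("# restore steps\n")
        archive, manifest = work / "backup.tgz", work / "backup.manifest.json"
        make_backup(src, archive, manifest)
        good = verify_restore(archive, manifest)
        # Simulate a bad backup run: the archive on disk is rewritten with changed
        # and missing content while the manifest still describes the original.
        (src / "config.yml").write_text("db: prod\n# edited after backup\n")
        (src / "notes" / "runbook.md").unlink()
        with tarfile.open(archive, "w:gz") as tar:
            for p in src.rglob("*"):
                if p.is_file():
                    tar.add(p, arcname=p.relative_to(src).as_posix())
        bad = verify_restore(archive, manifest)
        return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("healthy backup:", good or "OK")
    print("corrupted backup:", bad)
```

The manifest should be stored separately from the archive (ideally signed) so that whatever damages the backup cannot also rewrite the record of what it was supposed to contain. Restoring into a scratch directory rather than over live data keeps the check safe to run from cron, and the member-path check stops a tampered archive from writing outside that directory.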
Most importantly: Act now, don’t delay
If you’re struggling with any of the answers to the above questions, it means you have work to do, and it’s not something you should delay.
As an organization, you want to avoid your systems going down, your customers visiting your competitors’ websites, and your boss asking for answers while all you can offer is a blank look and a scared face.
Acknowledging that is not an admission of defeat. All of the questions we posed can be answered, and the methods outlined above, although they only scratch the surface of what should be done, are a good place to start.
If you haven’t considered it yet… it’s best to start now – before something bad happens.