SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Control is critical to contain cyber attacks in New Zealand
Mon, 9th Apr 2018

The latest updates to CERT New Zealand's critical controls (2018) demonstrate the widening front on which the battle to protect your organisation from hackers and criminals must be waged. While many businesses understand the importance of cybersecurity, knowing where to start can be a difficult task.

The consequences of a data breach are not only financial but can also do real damage to a business's reputation. According to a recent Accenture report, organisations' spending on cybersecurity has increased by 23 percent to an average of $11.7 million.

With this in mind, the onus is on New Zealand businesses to incorporate these recommendations into their best practices. Ensuring you partner with a vendor that can help safeguard your organisation is a must. Here are a few insights which will help you position and implement these recommendations.

Software patches

Making sure your operating systems and applications are patched is crucial to keeping the organisation's environment secure. Many organisations overlook this, as there is an assumption that Microsoft System Center Configuration Manager (SCCM) patches all your applications.

However, it provides only basic, manual tools to update third-party software, and the resulting labour-intensive process calls for countless hours of research, creation, testing, deployment, and troubleshooting.

In the data center, while many organisations juggle separate tools to patch physical and virtual servers, paying particular attention to Microsoft applications, others largely ignore the virtual environment and third-party applications, taking on a great deal of risk.

Integrating a single automated patching solution that patches physical and virtual servers as well as third-party applications in a timely manner goes a long way to closing common attack vectors. If you aren't using SCCM in your environment, you'll also want to look for a tool that includes patch management for workstations.

Upgrade legacy systems

The evolving technological landscape makes it very easy to prioritise the integration of new tools and solutions. However, it is often the older systems that pose the greatest risk. Legacy systems like Windows XP and Windows 7 are a point of weakness, as they contain critical information but often can't be patched (Windows XP) or are rapidly nearing the end of patching support (14 January 2020 for Windows 7).

Disable unused protocols

Akin to leaving the window open whilst the front door is protected by an armed guard, leaving unused services and network ports open poses potential security threats. Merely having them on your network provides more opportunities for data breaches; hence, it is advisable to enable necessary services only.

Regular network scans for unused services and protocols are crucial. Security teams should take additional steps to secure and monitor systems, such as closing SMB ports on systems where shared access is not required.

Application whitelisting

You can't patch everything, so you need to control access to the applications you can't patch. Application whitelisting can help, but because it is seen as overly complicated to deploy and as requiring near-endless management, it can feel restrictive to end users and downright painful to IT.

Whilst this may be true of traditional whitelisting, dynamic whitelisting employing trusted ownership can help you prevent unauthorised code execution without making IT manage extensive lists manually, and without creating obstacles to user productivity. By default, only application files owned by an administrator or the Local System are allowed to execute.

Each application accessed no longer has to be evaluated to confirm that it matches the known good application and is not a modified or renamed file trying to impersonate the whitelisted file, which means no heavy performance impact or commitment from IT.
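The trusted-ownership rule described above, as an added example that is not code from the article or from any vendor product: the policy engine below allows a file to execute only when its owner is an administrator or the Local System account, so a user-owned copy of a binary is denied even when it carries the same name as a trusted one. The file records and owner names are constructed in-line and nothing here reads the real file system; the inclusion of `NT SERVICE\TrustedInstaller` in the trusted set is an assumption, since that account owns most Windows system files.

```python
"""Trusted-ownership application control on constructed file records."""
from dataclasses import dataclass
from typing import Dict, Iterable

# Principals whose ownership of a file vouches for it. The article's rule names
# an administrator or the Local System; TrustedInstaller is added here as an
# assumption because it owns most files under C:\Windows on real systems.
TRUSTED_OWNERS = frozenset(
    name.casefold()
    for name in (
        "NT AUTHORITY\\SYSTEM",
        "BUILTIN\\Administrators",
        "NT SERVICE\\TrustedInstaller",
    )
)


@dataclass(frozen=True)
class FileRecord:
    """One executable as the policy engine sees it: its path and its owner."""
    path: str
    owner: str  # security principal that owns the file, e.g. DOMAIN\user


def is_trusted_owner(owner: str) -> bool:
    """Windows principal names are case-insensitive, so compare folded names."""
    return owner.casefold() in TRUSTED_OWNERS


def decide(record: FileRecord) -> str:
    """Return 'allow' or 'deny' for one file based purely on ownership.

    The file name is deliberately ignored: a renamed or modified copy sitting in
    a user-owned location is denied because its owner is the user, not because
    a hash or name list had to be consulted.
    """
    return "allow" if is_trusted_owner(record.owner) else "deny"


def evaluate(records: Iterable[FileRecord]) -> Dict[str, str]:
    """Map each path to its decision; later duplicates of a path overwrite."""
    return {record.path: decide(record) for record in records}


def summarize(decisions: Dict[str, str]) -> Dict[str, int]:
    """Count allow/deny outcomes, useful for a quick policy dry-run report."""
    counts = {"allow": 0, "deny": 0}
    for verdict in decisions.values():
        counts[verdict] += 1
    return counts


# Constructed sample inventory (not real hosts or files).
SAMPLE_FILES = [
    FileRecord("C:\\Windows\\System32\\notepad.exe", "NT SERVICE\\TrustedInstaller"),
    FileRecord("C:\\Program Files\\LineOfBusiness\\lob.exe", "BUILTIN\\Administrators"),
    FileRecord("C:\\ProgramData\\Agent\\agent.exe", "nt authority\\system"),
    # Same name as a trusted binary, but owned by the user who downloaded it.
    FileRecord("C:\\Users\\alice\\Downloads\\notepad.exe", "DESKTOP-01\\alice"),
    FileRecord("C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe", "DESKTOP-01\\alice"),
]

if __name__ == "__main__":
    for path, verdict in evaluate(SAMPLE_FILES).items():
        print(f"{verdict:5s}  {path}")
    print(summarize(evaluate(SAMPLE_FILES)))
```

On a real Windows host the owner would come from each file's security descriptor (for example `Get-Acl` in PowerShell) rather than a constructed record. One caveat a deployment must handle: ownership only vouches for a file if standard users cannot also write to it, so trusted-owned files in user-writable directories need an extra ACL check, because editing a file does not change its owner.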

Enforce the principle of least privilege

The principle of least privilege is widely recognised as key to enhancing data protection and limiting malicious behaviour. Restricting users' access rights to only the information and resources that are necessary for their legitimate purpose reduces the risk of malware infection and cyber-attacks.

The balance between security and user experience is often a tricky one. Limitations in user access can be greatly beneficial from a security perspective; yet users can be frustrated by a very restrictive experience. The key to this is the implementation of solutions that prevent the execution of code from unknown sources whilst allowing for the self-elevation of privileges when exceptions occur.

Mobile device management

Mobile devices are now as indispensable for business purposes as laptops. As such they contain valuable information and are an attractive target for hackers. Ensuring simple but effective security measures are put in place will help secure this potential weak link.

A proven endpoint management tool with MDM capabilities is crucial to ensuring that security policies such as multifactor authentication, remote management and policy enforcement are enabled, so that a lost mobile device doesn't become the vector through which your company is breached.

The frequency and impact of data breaches are clearly increasing. As is evident from CERT New Zealand's security recommendations, there is a growing understanding that the mitigation and prevention of a data breach is a lot more cost-effective than recovering from one.

In order to successfully incorporate and implement these suggestions, companies need to have clear internal communication and understanding of how security systems operate.