By Computerworld, Contributing Editor
Cybercriminals are rubbing their hands with glee right now. They live in a world where the attack surface is getting larger by the day. First, employees get a host of new devices, like smartphones, tablets and laptops, that they can take beyond the company firewall. On top of that, with many people working from home, company data is in danger, as cybercriminals sharpen their phishing spears and fine-tune their ransomware attacks.
At a boardroom level the severity of this threat is not always recognised. The budgets for cyber security remain low and IT and security leaders do not get a free hand in securing the company data.
There are plenty of examples of what can happen when ransomware does get through. This year alone, the world has seen some massive attacks on well-established organisations. Probably the most notorious was the assault on the Colonial Pipeline business in the US. But there have been plenty of other examples in the past few months: Axa France, PC vendor Acer, and the Irish Health and Safety Executive have all been hit.
The Netherlands has not been spared by the cyber criminals. Recently, we’ve seen the REvil attack, which got in through software from Kaseya. And don’t forget the Rotterdam Maersk terminal that shut down for weeks. So, there are plenty of examples to confirm how serious such attacks are.
Besides the severity of the threat, executives should be aware that the threat landscape is constantly moving: it transforms and evolves. This means that putting a static security system in place and being done with it is no solution. In fact, this is a recipe for disaster because complacency creeps in and employees think they’re safe when they’re not.
Security should also be continually evolving, while security professionals should be aware of what is happening everywhere in the world. It’s therefore essential for businesses to work with partners who are aware of the latest developments in security and the global threat landscape.
But the first thing to do is to let the CSOs or CISOs do their jobs. Give them the responsibility and the ability to get secure. The first thing they will do is a risk assessment. What data is under threat? What will be the cost when it is compromised? How can the threat be mitigated? This assessment should be a continuous process as nothing stands still.
There’s a need to put security procedures in place. CSOs/CISOs must ensure that everyone takes responsibility for security and knows what to do … or not do when encountering shady sources.
And on the technical side, any security partner should get its threat information from a worldwide network of endpoints so it can recognise malware as quickly as possible.
But no matter how good security is, it should always be prepared for the eventuality that malware does get through. Therefore, security should be based on the principle of Zero Trust. This means no action is trusted without question. All access to resources is assessed based on context. Is the user in Russia or China, while he was in Amersfoort just a few seconds ago? Is accessing the data he tries to handle part of his everyday job? Does he usually use a device like the one he is on now?
But this Zero Trust security also looks at what the firmware is doing, or the operating system, or a printer. It has to look at every action possible. When these assessments of actions happen in real time, malware can be isolated immediately.
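As an added example (not part of the original article and not code from any HP product), the three context questions above can be sketched as a small access check: location jump, device familiarity and usual resource. The thresholds, field names, policy and sample coordinates are constructed assumptions.

```python
import math
from dataclasses import dataclass

# Assumed thresholds (constructed for illustration, not from the article).
MAX_PLAUSIBLE_KMH = 900.0  # about airliner cruising speed
MIN_JUMP_KM = 50.0         # ignore small geo-IP jitter between nearby towns

@dataclass
class Access:
    ts: float        # epoch seconds
    lat: float
    lon: float
    device_id: str
    resource: str

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def assess(prev, cur, known_devices, usual_resources):
    """Return (decision, reasons) for `cur`, given the user's previous access."""
    reasons = []
    if prev is not None:
        # Clamp to 1 s so equal or skewed timestamps cannot divide by zero.
        hours = max(cur.ts - prev.ts, 1.0) / 3600.0
        km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
        if km > MIN_JUMP_KM and km / hours > MAX_PLAUSIBLE_KMH:
            reasons.append("impossible_travel")
    if cur.device_id not in known_devices:
        reasons.append("unfamiliar_device")
    if cur.resource not in usual_resources:
        reasons.append("unusual_resource")
    # Assumed policy: impossible travel or two weak signals deny; one asks for re-auth.
    if "impossible_travel" in reasons or len(reasons) >= 2:
        return "deny", reasons
    return ("step_up" if reasons else "allow"), reasons

# Constructed sample: Amersfoort, then Moscow five seconds later on the same laptop.
amersfoort = Access(1000.0, 52.1561, 5.3878, "laptop-1", "crm")
moscow = Access(1005.0, 55.7558, 37.6173, "laptop-1", "crm")
if __name__ == "__main__":
    print(assess(amersfoort, moscow, {"laptop-1"}, {"crm"}))
```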
All those layers must seamlessly work together to protect data. This is where the HP Wolf Security platform comes in. Enterprises need a solution that can fight against all levels of cyber attacks, all within a single platform, and, most importantly, one that works effectively in the workplace and in external environments, like the home.
HP Wolf Security will be a first line of defence against ransomware attacks. It will make extensive use of AI technology as a way of combatting the most relentless attackers.
It can render malware harmless through threat containment, which shrinks the addressable attack surface by delivering protection against the most common attack vectors. Wolf Security also offers self-healing firmware, in-memory breach detection and automated alerting, which help IT and security teams to monitor, manage and recover from remote firmware attacks.
Added to this, cloud-based intelligence and data gathered via endpoints enhance threat data collection to turn a traditional weakness – the endpoint – into an intelligence-gathering strength. Of course, CIOs can always manage this themselves but HP Wolf Security provides everything in one platform.