Your IT and security team are hard at work protecting your valuable business assets and data. They understand the importance of security and aim to safeguard it at all costs. Although the rest of your workforce also appreciates the importance of cyber security, they are consumed with meeting the requirements of their job responsibilities and their normal day-to-day tasks.
Let’s admit it: we’ve probably all been guilty of bypassing some sort of corporate security setting at one time or another.
Whether you think “I’ll deal with that later,” or “I don’t think this is needed right now,” honest employees can open the door for viruses and malware without realizing it. According to an industry study conducted by Bromium (ITProPortal.com, June 2017), even an estimated 35 percent of security professionals have admitted to bypassing their corporate security settings.
The recent WannaCry ransomware attack, which is said to be the largest of its kind in internet history, was delivered in zip files, documents, email attachments and other executables. Once such a file is opened, the malware is already inside the firewall and spreads laterally within the organization.
There are several lessons that can be learned from this recent attack. Most importantly, humans will continue to cripple cyber security so long as human behavior continues to play such a prominent role in protecting the enterprise.
So, how do we work towards a more efficient system that will protect businesses from security risks? If we are able to create a system that works effortlessly behind the scenes, as well as teaching our workforce about the dangers and how to prevent them, our most valuable assets will remain protected. If you’re a Salesforce user, download the EZProtect software today to learn how easy it is to protect your organization.
First posted on ITProPortal.com
By Simon Crosby, June 12, 2017
The recent WannaCry ransomware attack could change the current security paradigm to one that embraces human nature.
WannaCry, the recent devastating global ransomware attack, is now the largest of its kind in internet history. The attack has breached hundreds of thousands of computers in more than 150 countries, crippling a wide range of enterprises, from hospitals and universities to banks and warehouses.
In order to breach an enterprise, WannaCry and other forms of crypto-malware have been delivered in zip files, documents, or executables from the web, email attachments and on USB keys.
Once WannaCry has infiltrated an organization, it moves laterally, holding computer networks hostage until a ransom is paid. I explained exactly how this process unfolded in a recent blog post:
“The WannaCry crypto-malware variant uses the EternalBlue vector to move laterally in an organization. EternalBlue exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. This vulnerability is denoted by entry CVE-2017-0144. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Windows accepts specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target. To attack a target, the attacker must be able to reach it – crossing the firewall. If a compromised computer has mounted shares or knows how to reach an SMB server, the attacker can use this to propagate from the compromised device to the SMB server.”
While the attack is now largely in the rearview mirror, ransomware is still very much a concern among enterprises. WannaCry has created a number of lessons in its wake, and it’s important we take them into account in order to prevent an attack of this scale from happening again.
The first lesson is that quickly patching vulnerable systems is fundamental to stopping lateral spread in any organization. Next is that WannaCry, which was made possible by a leak of the NSA’s hacking tools, served as the latest reminder that the “good guys” cannot keep vulnerabilities from falling into the wrong hands. But the most important takeaway is that humans will continue to cripple cyber security so long as it continues to play such a prominent role in protecting the enterprise.
Although Microsoft publicly released a patch addressing this specific vulnerability weeks before, the thousands of personal computers displaying the now-infamous red ransom script illustrated that few had implemented it as instructed. (Of course, it’s not just humans that are to blame — it’s the security paradigm. Windows XP users did not have this option since XP has been unsupported for three years.)
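As an added example (not code from the article, from Bromium or from EZProtect), the following PowerShell audit checks a Windows host for the conditions the quoted passage and the patching lesson describe: whether the SMBv1 server is still enabled, whether an enabled inbound firewall rule exposes TCP 445, and whether the MS17-010 update is installed. It assumes the `SmbShare` and `NetSecurity` modules shipped with Windows 8.1 / Server 2012 R2 and later, and the MS17-010 KB number, which differs per OS build, is left as a placeholder you must fill in.

```powershell
# Added example, not from the article: read-only SMBv1 exposure audit plus the
# one-line remediation. Run in an elevated PowerShell session.
#Requires -RunAsAdministrator

# Placeholder: replace with the MS17-010 KB for this OS build before trusting the patch field.
$Ms17010Kb = 'KB_PLACEHOLDER'

function Get-Smb1Exposure {
    # Is the SMBv1 server component still switched on?
    $smb1Server = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Is the SMB1Protocol optional feature still installed and enabled?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $smb1Feature = ($null -ne $feature) -and ($feature.State -eq 'Enabled')

    # Enabled inbound Allow rules for TCP 445: these are what let a remote host "reach" the SMB server.
    $openRules = Get-NetFirewallPortFilter -PolicyStore ActiveStore |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '445' } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        Smb1ServerOn     = $smb1Server
        Smb1FeatureOn    = $smb1Feature
        InboundSmbRules  = @($openRules | Select-Object -ExpandProperty DisplayName)
        Ms17010Installed = [bool](Get-HotFix -Id $Ms17010Kb -ErrorAction SilentlyContinue)
    }
}

function Disable-Smb1Server {
    # Remediation: turn the SMBv1 server off. With -WhatIf the change is shown, not applied.
    param([switch]$WhatIf)
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force -WhatIf:$WhatIf
}

$report = Get-Smb1Exposure
$report | Format-List

if ($report.Smb1ServerOn -and $report.InboundSmbRules.Count -gt 0) {
    Write-Warning 'SMBv1 server enabled and TCP 445 reachable: exposed to the lateral movement described above.'
    Disable-Smb1Server -WhatIf   # drop -WhatIf to apply the change
}
```

Disabling SMBv1 removes the protocol the quoted passage names; it does not replace installing the vendor patch, which is why the report carries both fields.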
As I said in my commentary on the attack, “As long as the industry continues to play this neverending cat and mouse game of patchwork systems, sophisticated attackers will easily find ways to exploit the public in increasingly large scale attacks such as this.”
At Bromium, we released an industry study just a week before the WannaCry attack that underscored the point that humans continue to be the biggest threat to cyber security. We surveyed security professionals at the premier cyber security event, RSA Conference, as well as sec pros from the U.K. and U.S., and were shocked to find it’s not just unsuspecting end users we need to worry about, but those tasked to oversee the security operation.
We found that on average, 10 percent of security professionals admitted to paying a ransom or hiding a breach without alerting their team. This means that for every 10 individuals on your team, it’s likely that one of them has committed this act of subterfuge. (Someone might have even done it for WannaCry.) Keep in mind, these are only respondents who were willing to be forthcoming about their behavior — if every security professional came forth about their behavior, I would expect this to be an even more alarming statistic.
There are several reasons why these undisclosed dealings are taking place on such a considerable scale. One is that ransoms typically aren’t that expensive. While paying $300 takes a cut of your checkbook, it is a small price to pay to maintain your professional reputation.
This leads into the main reason why professionals are hiding breaches: Getting owned is embarrassing. No one wants to face ridicule from co-workers or be reprimanded by their boss. But keeping these secrets from employers puts the enterprise at tremendous risk. Not only have you let someone into the network, but you’ve left a backdoor for the next breach, which is likely to be more complex. This finding not only speaks to the growing sophistication of cyber attacks, which are fooling those being paid handsomely to prevent them, but also to how we continue to underestimate the role humans play in cyber security.
The study also uncovered another deeply troubling finding: On average, 35 percent of security professionals admitted to bypassing their corporate security settings. No one is surprised when employees avoid security settings (at this point, it’s a given), but it is disturbing to see irresponsible decisions being made within the security department. When you can’t trust what’s happening on the front lines, it means the model is broken.
If there is one thing we should take away from the fallout of WannaCry, it’s that we are overdue for a reset in this industry. There is greater urgency than ever to map trustworthiness into technology, not humans. Cyber security solutions should eliminate human error, not enable it.
Enterprises need to embrace security that takes the burden off the end-user and ensures IT and security teams protect their business assets and data. Of course the positive corollary to doing that is end users go back to getting their work done without constraints placed on them by the security team.
While the potential losses from WannaCry are staggering, my hope is it will be a net positive for the industry that inspires sweeping changes across the board. Human nature is a variable that cannot be controlled, and as this episode demonstrated, it will continue to wreak havoc if left unfettered. This attack should serve as a watershed moment that resets the security paradigm and actually embraces human behavior rather than trying to change it.
Simon Crosby, co-founder and CTO of Bromium
What You Can Do
- Immediately, install a FREE 30-day Trial of EZProtect Antivirus and connect it to your Salesforce org(s) to start scanning files, document uploads, or chatter for viruses or malicious content. Once this is complete, you will have a sense of how many files your organization scans per month and you will be well poised to convert to a paid plan.
- You may also download the full brochure with FAQs and schedule a demo to better understand how the tool works inside and outside of Salesforce by visiting www.adaptus.com/portfolio/ezprotect/.
Or call 800-955-0573 to request a demo.