IT managers: 3 things to do now
Gartner, the world’s leading information technology research and advisory company, issued what it considers to be three MUST-DO tasks for IT Managers. This was in the wake of the ransomware attacks earlier this year.
Malware is continuing to spread, with the WannaCry attack impacting at least 10,000 organizations in 150 countries. That’s according to European authorities where the impact was felt the most.
Gartner reported that while measures were taken to slow the spread, new variations surfaced quickly.
The firm said that RIGHT NOW you must apply the MS17-010 patch. If you do not have it, and you have TCP port 445 open, your system WILL be hit by ransomware.
It also notes three things that IT managers can do now to guard against future attacks.
Gartner said that while it’s tempting to point fingers, one of the key stages of incident response is to focus on root causes. Hindsight, is said, is always 20/20, and picking apart why systems were not migrated does not dig you and your enterprise out of the mire right now.
“Windows XP, a system which were hit hard by WannaCry, can be embedded into key systems as part of the control package and the firmware may not be accessible, nor under your control.”
It added that where embedded systems exist (such as POS terminals, medical imaging equipment, telecommunications, and industrial output systems such as smart card personalization and document production), make sure your vendor is able to provide an upgrade path as a critical priority.
“This should apply even if you have other embedded operating systems, such as Linux or other Unix variants, as it is safe to assume that all complex software is vulnerable to malware.”
Isolate Vulnerable Systems
Jonathan Care, Research Director at Gartner, said: “There will be systems which, although haven’t yet been affected by malware, are still vulnerable. It’s important to realize that vulnerable systems are often the ones on which we rely the most, and so a useful temporary fix is to limit the network connectivity.”
He added that during a crisis of this nature it is better to be cautious, even if business processes are delayed. It is better than total disruption and non-linear data loss.
Gartner’s adaptive security architecture emphasizes the need for detection. Make sure your malware detection is updated. Make sure your intrusion detection systems are operating and examining traffic. Ensure that UEBA, NTA and SIEM systems are flagging up unusual behavior, and that this is being triaged and incident handlers are responsive. Bear in mind additional resources may be required to handle the volume of incidents.
After the crisis lessons will be learned. There will be time for IT managers to revisit vulnerability management (and you must). There will be time to look at how you refocus, not just at protective measures, but also in key detection capabilities such as UEBA, NTA, and advanced SIEM.
There will be time to do some additional threat modelling, and consider carefully what risks you can afford to tolerate – it’s less than you think, according to Care.
Cloud security, he said, may come back into the risk management discussion, but right now IT managers must patch, isolate and stay vigilant.
Lanna Softworks can help with many aspects of IT outsourcing and software development. We have a strong track record of satisfied clients. Contact us today for a no obligation discussion about the IT services we offer to clients locally, regionally and globally.