There is no shortage of cyber problems in the world today, whether you’re a government, a hospital, a global corporation, a small business or an individual. The biggest problem one faces is deciding which solution, or which combination of solutions, is best for what you require.
You can simply opt for the cheapest offer, which may do a good job, if you’re lucky. More realistically, the cheap product will only offer limited protection when compared to the more expensive products that have had extensive research and development behind them. Of course, all the cybersecurity vendors will tell you that there is no 100% guaranteed security solution out there, so what does the buyer do?
Hi-Tech Security Solutions asked a few people in different aspects of the information security market to tell us about their products and solutions to the continual cyber threats faced by everyone today. We wanted to know what tools there are for proactive protection, what should be done as a remedial solution if you are compromised, and what other processes are needed (apart from technology) to keep a company or individual as secure as possible.
Our answers came from:
• Riaan Badenhorst, GM, Kaspersky Africa.
• Pieter Nel, SADC regional head, SOPHOS.
• Nadia Veeran-Patel, manager: cyber resilience, ContinuitySA.
• Andrew Voges, country manager South Africa, Check Point Software Technologies.
• Mayleen Bywater, senior product manager for cloud security solutions, Vox.
• Trent Odgers, cloud and hosting manager, Africa, Veeam.
• Charl Ueckermann, CEO, AVeS Cyber Security.
Hi-Tech Security Solutions: What solutions do you have for detecting malware in all its forms?
Badenhorst: We live in a world where technology connects us across platforms and borders like never before, opening us to new vulnerabilities at any given time. As such, cybercriminals are always looking for sophisticated ways to infect users’ devices, or a network of computers within an organisation and with malware, we see attacks coming in various forms including viruses, worms, Trojans and spyware, to mention just a few. As such, at Kaspersky we offer a range of solutions to assist in device protection. Examples include Kaspersky Security Cloud, Kaspersky Internet Security and Kaspersky Total Security – solutions that are aimed at protecting what matters most to users, their money, privacy and data. These solutions are designed to protect the modern household and family, helping people care for their connected devices and every aspect of their digital lives.
Nel: There’s no silver bullet to malware, ransomware or the targeted attack. You need a range of security technologies to protect your business from known and unknown threats. That’s why Sophos recommends a synchronised approach to dealing with these threats using both network and endpoint defences. These include Sophos Endpoint Protection, our new approach to endpoint security named Intercept X, Email Security, Web Security, IPS and Firewall, all of which are critical to your protection.
Veeran-Patel: ContinuitySA doesn’t provide tools, but instead provides expertise crucial for identifying the threats faced by businesses. This step precedes the use of tools; adequately mitigating risks depends on knowing what those risks are.
Voges: IT security is undergoing an incredible and disruptive upheaval. What was innovative and leading yesterday is stale and behind today. Security’s comfortable existence around the safe and predictable perimeter has been overrun by smart mobile devices, virtual instances, public cloud, private cloud, Everything-as-a-Service (EaaS), the Internet of Things (IoT) and more. The rapid digital transformation of business is placing ever-increasing demands on security, and today we are seeing unprecedented fifth generation cyberattacks carried out as large-scale, multi-vector mega attacks that inflict major damage on businesses and their reputations.
Given the fact that we are now facing next-level attacks, most organisations have come to the conclusion that true protection is unattainable and therefore the focus should rather just be on detecting and mitigating threats after they have penetrated their defences. We cannot afford to think this way, as this is an extremely risky strategy where organisations are basically saying ‘let’s just wait for the next attack to happen and when it does, we will try our best to handle it’.
We are saying that detection and mitigation are not the answer when it comes to cyber security. Organisations need to take a preventative standpoint and equip themselves with a security architecture that can adapt to the dynamic business demands of today, one that specifically focuses on prevention to ensure the complete protection of all key assets, such as its network, mobile devices, cloud infrastructure and so on. How can organisations protect themselves? With a consolidated, single security architecture that:
• Manages mobile, cloud and network environments.
• Protects them with integrated threat prevention.
• Applies a security policy that expresses their business needs.
• Supports the ebb and flow of cloud demand with auto scaling.
Bywater: There is no one solution that will detect malware. We have security services that address cyber threat assessments in front of your firewall, network (next generation firewalls), email security, endpoint, backup services, vulnerability assessments (website, firewall and full penetration tests) as well as managed services.
Odgers: The reality is that there is no single solution that can secure every entry point into the business and protect against every piece of malware that is out there. Instead, businesses need to view this as an ongoing process to manage and protect data and its security in a connected world with a variety of solutions and processes.
Veeam Availability Suite 9.5 Update 4 includes enhanced features to Veeam DataLabs which allows businesses to use backup data to assist with security and data governance options, including GDPR readiness and malware removal. This means we give the business the ability to restore a virtual machine in an isolated environment, run another vendor’s antivirus software against that machine, and either remove or trace the malware or ransomware using the business’s security solution of choice.
Secure Restore with Veeam DataLabs offers a unique way to stay on the front foot against cybercriminals and accidental hazards. This feature helps businesses identify potential weak spots in their technology infrastructure and stress test those without risk to day-to-day operations.
Ueckermann: When protecting your organisation against cyber threats, simply think about how you interact with the cyber world.
Step 1: Antivirus (endpoint protection) for every PC, laptop (endpoint device) and server that is connected to the network in your IT and OT environment. This includes the control of guest endpoint devices that are connected in your environment. Use reputable endpoint security products.
Step 2: Firewall with APT on the perimeter and firewall.
Step 3: Email scanning services of every email prior to entering your IT network, including the APT (Advanced Persistent Threat) services.
Step 4: If you use cloud services, ensure you have adequate multi-factor authentication in place (username and password are not enough). Ensure the data in your cloud services is properly protected. The fact that it is hosted in Azure or AWS or any other public data centre does not make your data safer to access, it just makes it more available when required.
Step 5: Training of execs, staff and IT support in cybersecurity awareness.
Hi-Tech Security Solutions: What do you offer as proactive and preventative solutions?
Badenhorst: Kaspersky’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats.
We also offer Security Intelligence Services to corporate customers, as well as the comprehensive integrated Kaspersky Endpoint Security platform, along with a range of specialised, targeted solutions. Among its new offerings are Kaspersky Threat Management and Defence – an advanced cybersecurity platform to protect enterprises from complex threats – and Kaspersky Security for Microsoft Office 365 – a solution bringing next generation detection technologies for providing enhanced protection for Exchange Online in Microsoft Office 365.
Nel: Complex, coordinated malware attacks are now the norm – a single threat will often touch your web browser, firewall, servers, endpoints and data. Sophos’s Synchronised Security is a best-of-breed security system where integrated products automatically share security information and respond automatically to attacks. The result: faster, better protection against advanced threats.
In order to better illustrate the effectiveness of synchronised security, let’s take a look at how it works in the real world with examples of a couple of today’s most prevalent malware: Botnets and Ransomware.
Botnets: where hackers control a network of innocent devices to carry out coordinated cyberattacks, botnets are now one of the top five global security threats we face. The health state and the botnet threat information are sent, via the Security Heartbeat, to the Sophos XG Firewall, which automatically isolates the compromised device by removing network access. This stops botnet malware from communicating with its command and control server for further instructions. This also prevents further infections from being spawned using this initial device.
The Security Heartbeat also shares this information with Sophos Encryption, which revokes the encryption keys on the affected machine until the problem is fixed, to prevent any data theft. This entire process, from detection to isolation and key removal, happens instantly and reduces incident response time from hours to seconds. Once all affected machines are isolated and unusable by the botnet, our endpoint protection automatically removes the botnet malware.
After the systems have been automatically returned to their initial, clean state, the IT administrator can restore the endpoint health status to GREEN. This information is instantly shared with the rest of the security system via the Security Heartbeat. The XG Firewall restores network access to the device, the encryption keys are returned, and your network is botnet-free.
Ransomware: Ransomware usually arrives via email. As soon as the unsuspecting user opens the email and activates the ransomware, Sophos Intercept X’s anti-ransomware technology stops the attack on desktops, laptops and servers, while Sophos Mobile Security protects mobile devices. Synchronised security turns the at-risk devices to a RED health status in Sophos Central. This change of status, and associated threat information, is sent via the Security Heartbeat to the Sophos XG Firewall and a similar process to that described above follows.
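The botnet and ransomware sequences above follow one loop: an endpoint reports a RED health state over a heartbeat, the firewall removes network access, the encryption manager revokes keys, and both are reversed when the administrator restores GREEN. The following Python model of that loop is an added illustration and not Sophos' own code; every class and method name in it (HeartbeatBus, Firewall, EncryptionManager, report_detection, restore_health) is a constructed assumption, and the audit log it keeps is what a defender would want to see when checking that each control actually reacted.

```python
# Added example modelling the heartbeat-driven isolation sequence described
# above. Illustrative code, not Sophos' own; the class and method names
# (HeartbeatBus, Firewall, EncryptionManager, ...) are constructed.
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Health(Enum):
    GREEN = "green"   # clean, full access
    RED = "red"       # active threat detected on the endpoint


@dataclass
class Endpoint:
    name: str
    health: Health = Health.GREEN
    threat: Optional[str] = None
    network_access: bool = True   # toggled by the firewall subscriber
    keys_available: bool = True   # toggled by the encryption subscriber


class HeartbeatBus:
    """Fans out endpoint health messages to every subscribed control."""

    def __init__(self) -> None:
        self.subscribers: list = []
        self.log: list[str] = []   # audit trail of every action taken

    def subscribe(self, control) -> None:
        self.subscribers.append(control)

    def publish(self, ep: Endpoint) -> None:
        self.log.append(f"heartbeat {ep.name} {ep.health.value} threat={ep.threat}")
        for control in self.subscribers:
            control.on_heartbeat(ep, self.log)


class Firewall:
    """Removes network access while an endpoint is RED; restores it on GREEN."""

    def __init__(self) -> None:
        self.isolated: set[str] = set()

    def on_heartbeat(self, ep: Endpoint, log: list[str]) -> None:
        if ep.health is Health.RED and ep.name not in self.isolated:
            self.isolated.add(ep.name)
            ep.network_access = False
            log.append(f"firewall isolated {ep.name} (no C2 traffic, no lateral spread)")
        elif ep.health is Health.GREEN and ep.name in self.isolated:
            self.isolated.discard(ep.name)
            ep.network_access = True
            log.append(f"firewall restored network access for {ep.name}")


class EncryptionManager:
    """Revokes the endpoint's encryption keys while RED; returns them on GREEN."""

    def on_heartbeat(self, ep: Endpoint, log: list[str]) -> None:
        if ep.health is Health.RED and ep.keys_available:
            ep.keys_available = False
            log.append(f"encryption keys revoked on {ep.name}")
        elif ep.health is Health.GREEN and not ep.keys_available:
            ep.keys_available = True
            log.append(f"encryption keys returned to {ep.name}")


def report_detection(ep: Endpoint, bus: HeartbeatBus, threat: str) -> Endpoint:
    """Endpoint protection flags a threat: health goes RED and is broadcast."""
    ep.health, ep.threat = Health.RED, threat
    bus.publish(ep)
    return ep


def restore_health(ep: Endpoint, bus: HeartbeatBus) -> Endpoint:
    """Administrator confirms cleanup and sets health back to GREEN."""
    ep.health, ep.threat = Health.GREEN, None
    bus.publish(ep)
    return ep


def build_bus() -> tuple[HeartbeatBus, Firewall]:
    """Wire the two controls onto one bus; returns the firewall for inspection."""
    bus, fw = HeartbeatBus(), Firewall()
    bus.subscribe(fw)
    bus.subscribe(EncryptionManager())
    return bus, fw


if __name__ == "__main__":
    bus, fw = build_bus()
    laptop = Endpoint("laptop-17")          # constructed sample device name
    report_detection(laptop, bus, "botnet C2 beacon")
    restore_health(laptop, bus)
    print("\n".join(bus.log))
```

The two subscribers are idempotent on repeated heartbeats, so a device that stays RED across several reports is isolated once and logged once; that matters when the log is fed to an incident timeline.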
Veeran-Patel: With cybersecurity, you should plan for the worst and know what to do should an incident materialise. Our Cyber Resilience service examines critical information assets, plans for mitigation and remediation, and response and recovery measures. In short, we make sure you have a plan so you do know what to do.
Assuming you will be attacked at some stage, and that the attackers will succeed, is the basis of a proactive approach to information security and risk management. Doing so depends on looking at data holistically and not just data connected to the Internet. After all, while plenty of attacks do indeed arrive via the Internet, they can also show up at the front desk with a USB drive, for example.
With initial assessments completed, you need a roadmap matched to your cybersecurity strategy and guidance on the tools necessary to address any gaps and minimise the risks identified.
Voges: Check Point Infinity provides complete protection from known and zero-day attacks across the entire environment. Check Point Infinity delivers on this vision by uniquely combining three key elements:
• One security platform leveraging unified threat intelligence and open interfaces. Infinity provides the highest level of security on all platforms regardless of network or size, blocks attacks using common threat indicators across all networks, and easily integrates into third-party modules for elevated security and orchestration.
• Pre-emptive threat prevention, blocking the most sophisticated attacks before they happen. Infinity is focused on prevention, preventing both known and unknown targeted attacks.
• Consolidated system of single management, modular policy management and integrated threat visibility.
Bywater: We have recently launched our proactive managed service that helps with alerts, reviews, reporting, remediation and offers consulting. With our managed service we help our clients understand and work through the myriad of security policies and rule sets that assist them with protecting their environments. We consult with our clients to ensure that the rules and policies in place are correct and adequate to protect them from new viruses.
Odgers: Veeam has built-in proactive capabilities in many of our products to warn you before something is going to happen, ensuring that we are not only reactive, but prevent downtime in the first place. Veeam ONE, part of Veeam Availability Suite, provides an additional comprehensive monitoring, reporting, capacity planning, automation and analytics solution for your virtual and physical environments, integrating into Veeam Backup & Replication, Veeam Agents, VMware vSphere and Microsoft Hyper-V.
Disaster Recovery-as-a-Service (DRaaS) is a valuable cloud-based model. With DRaaS, business-critical applications can be up and running almost instantaneously after an incident. Like other ‘as-a-Service’ models, DRaaS offers significant advantages for businesses of a range of sizes. The lower costs make availability accessible for smaller businesses who could otherwise have struggled to implement such a service in-house. Equally, its scalability benefits the larger enterprises, whose needs might vary depending on the number of servers, applications and databases being used at any one time.
Ueckermann: Start with an IT risk assessment. This will give you visibility into your complete IT and OT environment and identify blind spots or over-expenditure in IT. Draw up a phased plan of action from here.
Ensure all your IT security solutions are configured to best practices in order to ensure you have ultimate protection within your environment. Obtain the services of an IT security operations centre (SOC) provider to proactively monitor your IT environment against threats (indicators of compromise).
Ensure you have a working disaster recovery (DR) plan and technology in place to recover your IT data within a reasonable time frame in case of a disaster or data breach.
Hi-Tech Security Solutions: What do you offer as a remedial solution once the attack has happened?
Badenhorst: Cyberattacks are very unpredictable and can come in many ways. In an instance where your business is held to ransom by cybercriminals, we always encourage businesses not to pay the ransom. At Kaspersky we have the latest decryptors and ransomware removal tools that can assist businesses that have been held to ransom to get their digital life back.
Further to this, no one is safe from cyber threats, whether a big organisation or an individual whose personal information can be hacked. In order to avoid such attacks, Kaspersky provides a free anti-ransomware tool which is available for all businesses to download and use, regardless of the security solution they have installed.
We also offer collaborations, where businesses can join Kaspersky on the No More Ransom initiative that allows organisations across Africa and globally, to join forces in order to disrupt cybercrimes with ransomware connections. The No More Ransom initiative was launched with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals. In fact, to date over 12 500 victims have decrypted their files without paying any ransom – an innovative measure that is easy to use without requiring the technical know-how.
Additionally, should you be hacked through a phishing scam, the following becomes critical.
1. Run your antivirus program.
2. Change your passwords.
3. Change your passwords on your other online accounts.
4. Get totally secure.
Veeran-Patel: A cyber-attack which gets past your defences is a fluid risk. It is difficult to evaluate in the short term, which is why it is important to step back and assess the immediate, medium- and long-term impact. One business continuity measure that can reduce the impact of threats is the process of backups: backups which are reliable, consistent and monitored proactively by our internal team 24/7 for failures.
These backups are typically maintained with the added resilience which comes with expertise in risk management, business continuity and disaster recovery, as well as cloud hosting services which make recovery solutions highly effective.
Bywater: Our managed services teams are positioned with skills to scrutinise policies, help amend them and to verify alerts. We can also offer a full penetration test to help pinpoint where the issues are logged. This is accompanied by a detailed remediation plan, which highlights low to high priority issues, where the breaches are and provides details on how to remediate.
Odgers: The spate of global malware attacks should be the impetus every organisation needs to review its business continuity and disaster recovery strategies in the event of a crisis, irrespective of its origin. The first phase is to get the business up and running. A tried and tested disaster recovery plan should be executed. If the site has been breached with ransomware, then Secure Restore should be used to clean the infected VMs and get the business up and running as quickly as possible.
Ueckermann: Initiate an incident response plan which consists of the following phases:
• Establish policies, procedures, and agreements for incident response management.
• Define communication guidelines.
• Incorporate threat intelligence feeds.
• Conduct cyber hunting exercises.
• Assess your threat detection capability.
• Detection and reporting.
• Triage and analysis.
• Containment and neutralisation.
• Post-incident activity.
Hi-Tech Security Solutions: What processes and best practices do organisations need to have in place to protect themselves?
Badenhorst: Here are some tips and best practices that will help you stay safe:
• Do not open emails and attachments from unknown and untrusted sources.
• Do not click on any suspicious links, even if they were shared by friends on social media.
• Do not use the same password across your various social media and banking accounts.
• Always keep your devices and operating systems updated to their latest versions.
• Install a security solution across your various devices.
• Never share sensitive information like your address or credit card details online.
Nel: Some recommended best practices include:
1. Backup files regularly and keep a recent backup copy off-site. Encrypt the backup for an additional layer of protection.
2. Do not enable macros to open attachments that are sent via email as this is how infections are spread.
3. Be cautious about unsolicited attachments and refrain from opening them.
4. Patch early and patch often. Malware that is not spread via document macros often relies on security bugs in popular applications such as Office and Flash.
5. Train and retrain employees to avoid booby-trapped documents and malicious emails.
6. Invest in a robust security solution that provides effective defence against emerging threats and visibility into user activity and use of the network.
Veeran-Patel: Assume that you will be compromised at one stage or another and prepare for it. Own all the risk. Define what should be backed up, how often it should be backed up and how quickly it should be recovered. Do not leave these crucial decisions to the IT department.
With critical information assets and business processes defined, risk management is easier and more manageable. Go a step further and identify information asset owners within the business, dispersing risk management responsibility through your organisation – you don’t want all your eggs in one basket.
Voges: Some of the basic best practices related to cybersecurity and your employees include:
• Securing every entrance – consider all the ways that a criminal could access your network and then ensure that only authorised users can do so.
• Be socially aware – social media sites are frequently used by cyber criminals to gain information on people, improving their success rate for attacks. Attacks such as phishing or social engineering all start with collecting personal data on individuals.
• Encrypt everything – protect your organisation’s data by encrypting sensitive data and making it easy for your employees to do so.
• Cloud caution – with the hype around cloud storage and applications, the need to be cautious has skyrocketed as cyber criminals are taking advantage of weaker security of some cloud providers. Any content that is moved to the cloud is no longer in your control.
• Address BYOD (Bring Your Own Device) – be sure that you have a BYOD policy in place i.e. enforce password locks on user owned devices and only allow access to company data through encrypted VPN.
Bywater: Ensure that email security has targeted threat protection to minimise the risk of ransomware. Up to 90% of breaches occur via email phishing. Install a reputable firewall that includes functionality such as web and email filtering, data loss prevention, management and reporting. Back up your files regularly and separately to your main network. Run a vulnerability test regularly to test your systems. Ensure passwords are changed regularly. Scrutinise your policies and procedures on security measures for your data. Be cautious about opening unsolicited emails with attachments and URLs. Train all staff to look out for these consistently.
Odgers: One key piece of advice that we have been sharing with the industry for years is the Veeam 3-2-1 rule. This states that you need to have three copies of your data, stored on two different media types, with one being offsite. This, complemented with an offsite copy at a local cloud provider using different user credentials, will provide another layer. Some cloud providers have enabled Veeam’s Insider Protection (Recycle Bin), which assists against internal and external threats.
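The 3-2-1 rule and the extra "offsite copy under different credentials" layer described above are easy to state and easy to drift away from, so a practitioner will want a check that runs over the actual backup inventory. The following Python checker is an added example, not Veeam's code; the BackupCopy record, the inventory format and the credential names in it are constructed for illustration, and the separate-credentials test is modelled as an additional finding on top of the three base conditions.

```python
# Added example: a checker for the 3-2-1 rule plus the "offsite copy under
# different credentials" layer described above. Illustrative code, not
# Veeam's; the inventory format and all names below are constructed.
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    label: str
    media: str        # e.g. "disk", "tape", "object-storage"
    offsite: bool
    credential: str   # identity able to write or delete this copy


def check_3_2_1(copies: list[BackupCopy], backup_job_credential: str) -> list[str]:
    """Return the list of gaps; an empty list means the rule is satisfied.

    The copies list includes the production copy, which counts as one of the three.
    backup_job_credential is the identity the main backup job runs under.
    """
    gaps: list[str] = []

    # 3: at least three copies of the data in total
    if len(copies) < 3:
        gaps.append(f"only {len(copies)} copies, need 3")

    # 2: at least two different media types
    media = {c.media for c in copies}
    if len(media) < 2:
        gaps.append(f"all copies on one media type ({', '.join(sorted(media)) or 'none'}), need 2")

    # 1: at least one copy offsite
    offsite = [c for c in copies if c.offsite]
    if not offsite:
        gaps.append("no offsite copy")
    elif all(c.credential == backup_job_credential for c in offsite):
        # Extra layer: an offsite copy that the main backup job's credential cannot
        # touch survives a compromise of the backup server itself.
        gaps.append("every offsite copy is writable with the backup job credential; "
                    "keep one offsite copy under separate credentials")
    return gaps


def sample_inventories() -> dict[str, list[BackupCopy]]:
    """Constructed inventories for demonstration; not real systems."""
    production = BackupCopy("production VM", "disk", False, "vsphere-admin")
    local_repo = BackupCopy("local repository", "disk", False, "backup-svc")
    return {
        "compliant": [
            production,
            local_repo,
            BackupCopy("tape library", "tape", False, "backup-svc"),
            BackupCopy("cloud copy", "object-storage", True, "cloud-tenant-b"),
        ],
        "single-site": [production, local_repo],
        "offsite-same-credential": [
            production,
            local_repo,
            BackupCopy("cloud copy", "object-storage", True, "backup-svc"),
        ],
    }


if __name__ == "__main__":
    for name, inventory in sample_inventories().items():
        gaps = check_3_2_1(inventory, backup_job_credential="backup-svc")
        print(f"{name}: {'OK' if not gaps else '; '.join(gaps)}")
```

Running the checker against a real inventory export is a quick way to confirm that the offsite copy really is outside the reach of the credential an attacker would gain by compromising the backup server.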
Ueckermann: A few basics to have in place are:
• Reputable endpoint security product that will detect both common and advanced threats.
• Patch management on all hardware and software used within the organisation.
• Automated backup of all your critical data (don’t depend on people to do it, automate it).
• IT security awareness training of all levels within the organisation.
Hi-Tech Security Solutions: Tell our readers what training is available for them and their employees to help stop the spread of malware before it starts.
Badenhorst: Here are six things that employees should do to protect their organisations from possible cyber breaches:
1. Do not open emails and attachments from unknown and untrusted sources.
2. Make sure you have rigid login credentials.
3. Never leave a login password on a sticky note.
4. Arrange and engage employees for continuous cyber training to build their cyber hygiene.
5. Always make sure their software and operating systems are updated to the latest versions.
6. Have a BYOD security approach in place.
Nel: Sophos regularly conducts workshops, seminars and webinars to spread security awareness amongst end users. A solid security awareness programme is an integral part of any defence-in-depth strategy. Sophos Phish Threat educates and tests end users through automated attack simulations, quality security awareness training, and actionable reporting metrics. It is an advanced security testing and training platform designed to reduce risk from the largest attack surface – the end-user.
Veeran-Patel: Cybersecurity is everyone’s responsibility. The CEO has more to lose, but the person at reception must be just as aware of the potential for letting in attackers as everyone else is. Knowledge and awareness are probably the most important pillars of a successful defence strategy. Achieving that depends on regular and repeated security awareness training which emphasises what the threats are, how they change (and updates on new methods) and the impacts malware can have. Interactive staff workshops have proven very successful; they promote sharing and management of expectations.
Voges: Even with the best security protection in place, you need to ensure that your employees are educated on what the best practices are when it comes to security, as well as ensuring that the organisation and the data it holds are protected. We encourage organisations, both big and small, to spend some time thinking about what applications they want to allow in their network and those they do not want, as well as educating their employees on acceptable use of the company network. It is crucial that you make your security policy official and once it is official, you need to enforce it throughout the organisation.
Bywater: As the human firewall continues to be the weakest link in an organisation, we have a service that allows a business to test its staff’s knowledge around security and policies. This platform can be used to share information, like policy documents and quizzes to keep teams on their toes.
Odgers: Veeam offers various guides, whitepapers and solution briefs. We also offer training, from free online training and ‘how to’ videos, to Veeam Certified Engineer (VMCE) courses, which advise on some of the best practices. Our training also covers tips, tricks, and best practices about our latest products, features, and capabilities to help IT teams deploy and implement Veeam Availability solutions effortlessly and most efficiently.
Additionally, continuity training is invaluable, and should be an essential part of a CIO’s business continuity plan. As we know, disaster recovery and business continuity plans often end up at the bottom of the budget priorities list. Therefore IT cannot be the endpoint here. The entire business should be trained to respond in a suitable way that allows it to know how to respond, and who to contact to lower the risk.
Ueckermann: There are essentially three levels of training:
• Executive training. It is the executive that is responsible for setting the tone and direction when it comes to IT security, not the IT department or personnel.
• User awareness training for every person using IT resources. This is not a once-off session; it is a behaviour change process which can take up to 18 months.
• Basic and advanced malware detection skills for all staff directly supporting the IT and OT environments.