
Ransomware is on the rise. Here’s how to recover from an attack.

According to a recent survey, nearly 50% of all organizations have been struck by some type of ransomware in the last 12 months. Furthermore, CNN reports that $209 million was paid to ransomware hackers in just the first quarter of last year. If you think you won’t become a victim, think again. Even if you have a strong cybersecurity incident response strategy in place, it’s just as important to know what to do in the event that a threat slips by undetected.

If you find you’ve been hit by a ransomware attack, here’s what you need to do to mitigate damages and get things back on track as quickly as possible.

Step 1: Avoid clicking on anything unfamiliar.

It’s not uncommon for hackers to use pop-up messages in an attempt to entice users into their trap. For instance, a dialog box might pop up containing a message that indicates your computer has been infected and instructing you to take certain steps to rectify the problem. Unfortunately, doing so will only make matters worse. Avoid clicking on anything that’s unfamiliar or even the slightest bit suspicious.

Step 2: Disconnect from the network.

The ultimate danger of ransomware is that it is designed to spread through the network as quickly and invasively as possible. To mitigate damages, you must take the appropriate measures to thwart the malware’s infiltration. As soon as you believe you’ve been infected, immediately disconnect your device from the network. If you are accessing the internet via WiFi, turn it off. If you are connected via an Ethernet cable, unplug it right away. The more quickly you cut off access to your network, the less havoc the hackers will be able to wreak.

Step 3: Save and troubleshoot.

As soon as you’ve disconnected from the network, the next step is to save any and all important documents or files you’ve been working on. Then, reboot your computer in safe mode. Once you’ve rebooted, run a virus scan. Hopefully your cybersecurity incident response strategy includes adequate virus protection that’s designed to both detect and eradicate any identified malware. In the absence of this type of security software, you may need to use another device to download the software, save it onto a flash drive and then run it on the infected device accordingly.

Step 4: Restore your system.

If your anti-virus software doesn’t do the trick, you may need to restore your system to a previous state, prior to the ransomware infection. Provided this feature was never manually disabled, running a system restore from safe mode should be pretty easy and straightforward. To begin, simply choose Advanced Boot Options and then select Repair Your Computer. From there you should see an option for System Restore. Launching this will result in your device restarting with the earlier system state.

Step 5: Examine your files.

The next step will depend on the type of ransomware that has infected your device. If you can’t locate your files (or the shortcut icons for them), that means they’ve either been hidden or they’ve been encrypted. To determine what type of mess you’re dealing with, start by finding your hidden files. Open your File Explorer and choose Computer (or This PC). Click the View tab and choose Hidden Items. If a list appears here, you should be able to restore your files easily by simply right-clicking each item, choosing Properties and unchecking “Hidden.”

If your files do not appear in the Hidden area of your computer, this unfortunately means your data has likely been encrypted. That means the hackers were able to lock up your data and they will only release what they’re holding “hostage” if you agree to pay their proposed fee (hence the term “ransomware”). This is why a cybersecurity incident response strategy that includes frequently backing up data to the cloud or external resources is so critically important.

Step 6: Don’t let it happen again!

If you’ve been unlucky enough to have been hit by ransomware, you’re not alone. Aside from being a huge headache and possibly costing your organization a good deal of money, this unfortunate event should serve as a lesson in how important it is to take proactive measures that will improve your level of protection against such attacks.

Start with a highly effective monitoring system, and then leverage tools like automated cybersecurity incident response to establish a closed-loop process. And, above all else, educate your employees on how to properly back up files and recognize the signs of potential malware. Taking the steps to prevent as well as being prepared to remediate an attack is key.
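As an added example for Step 5 (not code from the original post), a PowerShell triage script that reports which files under a folder tree are merely hidden and which look encrypted, so you know whether un-hiding them or restoring from backup is the right recovery path. It assumes an elevated PowerShell session on the already-disconnected machine; the ransom-note name patterns, the compressed-format list and the 7.5 bits/byte threshold are constructed illustrative values, not from the page.

```powershell
# Added triage helper for Step 5 (not from the original post): tells hidden files
# apart from encrypted ones under one folder tree. Assumes an elevated PowerShell
# 5.1+ session on the affected machine, run only after it is off the network.
param(
    [string]$Root = $env:USERPROFILE,   # folder tree to inspect (assumption)
    [switch]$Unhide                     # clear the Hidden attribute only when asked
)

# Constructed, illustrative patterns: typical ransom-note names, and formats that
# are already compressed (their high entropy is normal, not a sign of encryption).
$NotePattern       = '^(README|HOW_TO|DECRYPT|RESTORE|RECOVER).*\.(txt|html?|hta)$'
$CompressedPattern = '\.(zip|7z|rar|gz|docx|xlsx|pptx|pdf|jpe?g|png|gif|mp[34]|mkv)$'
$EntropyThreshold  = 7.5   # bits per byte; plain text and most office data sit well below

function Get-SampleEntropy {
    # Shannon entropy of the first $Bytes of a file. Ciphertext scores close to 8.0,
    # English text around 4.5, so a high score on a .txt or .doc is a red flag.
    param([string]$Path, [int]$Bytes = 4096)
    $buf = New-Object byte[] $Bytes
    $fs  = [System.IO.File]::OpenRead($Path)
    try { $n = $fs.Read($buf, 0, $Bytes) } finally { $fs.Dispose() }
    if ($n -eq 0) { return 0.0 }
    $counts = New-Object int[] 256
    for ($i = 0; $i -lt $n; $i++) { $counts[$buf[$i]]++ }
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) { $p = $c / $n; $h -= $p * [Math]::Log($p, 2) }
    }
    return [Math]::Round($h, 2)
}

# -Force includes hidden files; AppData is skipped because it is full of caches.
$files = Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
         Where-Object { $_.FullName -notmatch '\\AppData\\' }

$hidden = @(); $notes = @(); $suspect = @()
foreach ($f in $files) {
    $attrs = $f.Attributes
    # Case A: the file is merely hidden (the "Hidden items" case from Step 5).
    if (($attrs -band [System.IO.FileAttributes]::Hidden) -ne 0) {
        $hidden += $f.FullName
        # Clearing the bit is equivalent to unticking "Hidden" in Properties.
        if ($Unhide) { $f.Attributes = $attrs -bxor [System.IO.FileAttributes]::Hidden }
        continue
    }
    # Case B: a ransom note, which usually sits next to the encrypted files.
    if ($f.Name -match $NotePattern) { $notes += $f.FullName; continue }
    # Case C: content that looks like ciphertext where plain data is expected.
    if ($f.Length -gt 0 -and $f.Name -notmatch $CompressedPattern) {
        $h = Get-SampleEntropy -Path $f.FullName
        if ($h -ge $EntropyThreshold) { $suspect += "$($f.FullName) (entropy $h)" }
    }
}

Write-Output "Hidden files      : $($hidden.Count)"
$hidden  | ForEach-Object { "  HIDDEN    $_" }
Write-Output "Ransom-note files : $($notes.Count)"
$notes   | ForEach-Object { "  NOTE      $_" }
Write-Output "Likely encrypted  : $($suspect.Count)"
$suspect | ForEach-Object { "  ENCRYPTED $_" }
if ($suspect.Count -gt 0 -or $notes.Count -gt 0) {
    Write-Output "Data appears encrypted: restore from offline backups rather than un-hiding."
}
```

Compressed formats are skipped because they legitimately score near 8 bits/byte; a document whose extension has been renamed or doubled and still scores high is the strongest signal that it was encrypted rather than hidden.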

Is your organization as safe as it could be from costly ransomware attacks? Fortify your defense with our automation and orchestration platform, designed to pinpoint, isolate and destroy all types of cybersecurity incidents – including ransomware. Try it for yourself today.


How to Overcome IT Security Staff Burnout

Today’s IT security professionals are under increasing pressure to manage and assure the highest level of data protection for their organizations and clients. With the number of incoming threats steadily on the rise and staffing numbers remaining stagnant (or dropping), those in this high-stress industry are burning out at a rapid pace. IT leadership is often painfully aware of the issue at hand, but at a loss as to how to help ease the burden their staff is under. The good news is there is a solution and it’s not nearly as difficult or costly as you may think. But first, we must get to the heart of the problem.

As IT security threats and their subsequent impact continue to increase in number, frequency and complexity, businesses are scrambling to keep up. Furthermore, budgetary restrictions and a skills shortage are also wreaking havoc on IT security teams. As a result, qualified personnel are finding themselves inundated with a relentless stream of cyber-attacks, which is contributing greatly to the high level of turnover in the IT security field. Simply put, employees are overworked and it’s taking a significant toll.

Couple this with the fact that the incident response and remediation process for most companies is still partially or entirely manual. As such, system and network vulnerabilities are not properly being managed, which leads to increased risk to the organization. Further, dependence on tools like spreadsheets, emails and phone calls to handle incidents is not an adequate or effective way to manage incidents. There’s simply too much risk involved, which in turn puts even more pressure on IT security personnel. Something’s got to give.

As a result of all of these critical factors, many organizations are turning to automation to help manage the IT workload and improve service levels. More specifically, IT security professionals are beginning to see the power of automation for more effective management of incident response and remediation. In fact, with the right tool, existing systems and applications can be linked to create a more uniform infrastructure and close the loop on the incident response process.

Additionally, integrating automation into your incident response strategy can provide the following benefits:

  • Remove manual processes that slow response time. Managing IT security incidents manually often results in costly delays and bottlenecks, which slow your mean time to resolution. Automation eliminates these manual processes and thereby dramatically improves MTTR.
  • Enable the use of a single platform for IT security incident management. Gain real-time visibility and maintain control over the entire process to ensure ownership and accountability.
  • Prioritize and manage risk based on criticality. The IT security team can focus on those incidents that present the greatest degree of risk to the organization while the automation tool can handle less significant incidents without the need for human intervention.
  • Free up and optimize use of skilled staffing resources. IT security personnel can be freed up to focus their time, efforts and advanced skillsets on other critical tasks and issues.
  • Gain greater visibility over all IT security incidents. A centralized dashboard allows IT leadership to get real-time updates on any and all issues currently being handled.

As you can clearly see, automation is proving to be the ideal solution to easing the heavy burden of today’s IT security personnel. If you’re not yet taking advantage of the many benefits this technology has to offer for your organization, the time to do so is now.

Get started today by launching your free demo of Ayehu.

eBook: 5 Reasons You Should Automate Cyber Security Incident Response

Why Prevention Is No Longer Enough for Cybersecurity

How would you know if your cybersecurity strategy failed to detect a legitimate threat? It could happen one of two ways: either you’ll get lucky and find it yourself or a third party – whether it’s a customer, an auditor or someone else – will catch it first. Sadly, the latter is most often the case, which means that a data breach could easily cost you as much reputationally as it will financially.

The fact is, prevention strategies and technologies, such as firewalls, antivirus software, encryption and other security controls, are designed to block attackers from gaining access to your infrastructure. These tools are certainly important and can be effective. They should not, however, be your only line of defense.

If we’ve learned anything from the high profile data breaches that have graced the headlines over the past year, it’s that determined attackers will find their way in, despite the presence of preventative technology. As such, it’s equally important that you have the right strategy in place to be able to detect and address threats that are already inside your infrastructure.

Detection Monitors Your Monitors

We all want to trust that our prevention strategies are working, but as mentioned above – how can you know if they’re not (and more importantly, before it’s too late)? That’s why detection tools are so important.

Automated detection technology, such as continuous monitoring and automated alerting, provides ongoing visibility into all of the activity that’s occurring within your infrastructure. Not only are these tools designed to keep you abreast of known issues, such as previously disclosed cybersecurity threats, but they’re also designed to identify and alert about new and unknown threats that may have successfully slipped past your preventative defenses.

The information gathered from this monitoring and alerting enables IT agents to make quick, data-driven decisions, such as whether to cut access to a certain application, patch a server, or implement a new workflow to better detect similar events in the future. Furthermore, with the right platform, remediation of threats can be entirely automated, enabling round-the-clock protection. These are things most prevention tools cannot accomplish, because they simply were not designed to do so.

While tools like antivirus software or firewalls can mitigate certain known or common security events, they aren’t designed to detect new threats. Additionally, most prevention tools lack the alerting functionality to notify key personnel in real-time about any issues that may arise. And with new cybersecurity threats constantly on the horizon, it’s clear that prevention alone isn’t going to be enough to keep your infrastructure secure. To achieve maximum protection, detection is necessary.

Rapidly Evolving Landscape

One of the biggest reasons detection and remediation are becoming a growing necessity is because many organizations are adopting cloud technology. The cloud enables businesses to operate at scale, which means rapid changes and an increasing number of endpoints to protect. Detection addresses this evolution and scales seamlessly alongside the business.

Yesterday’s static, on-premises environments are quickly being replaced by cloud solutions, which makes infrastructures much more vulnerable to today’s invasive and sophisticated attacks. In other words, we are operating on an entirely different landscape. Detection enables IT teams to gain visibility into all of the hosts running at any given moment and shut any of them down to stop threats in their tracks.

Prevention and Detection Working Together

We aren’t recommending that you scrap your prevention strategy. To the contrary, prevention tools are still effective in doing what they were designed to do, which is keeping known cybersecurity threats out. Detection simply allows you to add another layer of protection. When working in tandem, prevention tools help weed out a good portion of threats while detection tools dig deeper, collecting critical real-time data about security events and enabling security teams to respond immediately.

In this context, you can think of detection and remediation kind of like gap insurance for your infrastructure. Having both in place, when a point of failure inevitably occurs, your second line of defense will kick in. This provides a much more robust and therefore more effective cybersecurity strategy.

Conclusion

With today’s threat landscape becoming even more dangerous by the day, there’s never been a more critical time to strengthen your organization’s cybersecurity posture. Establishing a strategy that integrates prevention with detection, alerting and remediation will add the layers of protection you need to stay a step ahead of your attackers.

Is your prevention strategy falling short? Beef up your protection with Ayehu. Take our automation and orchestration tool for a test drive today and see how automated cybersecurity detection can make your company safer.


4 Cybersecurity Challenges that Could Be Placing Your Infrastructure at Risk

In today’s digital age, network availability and reliability are critical to businesses of every size and industry. A strong, secure infrastructure is the key to keeping customers happy, protecting your brand reputation and ensuring positive movement in terms of both revenue and profits. Achieving this type of maximum security, however, is becoming increasingly challenging in the face of escalating cyber-attacks.

Losing network access is no longer just a minor inconvenience for today’s businesses. Not only can it be incredibly costly from a financial standpoint, but it can also cause irreparable damage to a company’s reputation. And the cold, hard truth is, conventional methods for protection are no longer adequate, especially given the increase in frequency, intensity and size of cyber-attacks.

To achieve a secure infrastructure, IT leaders must address the four main challenges that are standing in their way. Those challenges are as follows.

Lack of Visibility

Maintaining a clear and accurate view of all devices and network assets across physical, virtual and cloud infrastructure is critical to maximum protection. After all, you can’t protect what you cannot see. The challenge lies in the reliance on traditional security systems to track and monitor the network. These antiquated solutions do not provide a complete view of all devices and assets, leaving some vulnerable to compromise.

To address this, IT leaders should leverage solutions that allow them to centralize and automate network discovery, enhance visibility and quickly identify attack points, anomalies, patterns and other suspicious activity.

Poor Vulnerability Detection

As challenging as it is to obtain a consolidated view of devices and network assets using conventional methods, spotting and quickly addressing vulnerabilities in those assets can be just as difficult.

Vulnerability scans can be helpful, but since they aren’t capable of continuously monitoring every single device, virtual machine and endpoint across complex infrastructures, nor can they pinpoint threats generated from configuration errors, non-compliant devices and outdated components, they simply aren’t sufficient to keep organizations secure.

Without comprehensive insight on vulnerabilities, networks are no match for the sophisticated cyber-attacks of today.

DNS-Based Attack Protection

Exploiting DNS has proven to be a highly effective way to disrupt and disable networks. Attackers utilize DNS pathways to ravage networks in a variety of ways. For instance, hackers often use DDoS attacks to flood DNS servers with bogus requests, swap out legitimate URLs for fake ones that cause websites to appear to be down when they’re not, and create diversions that allow them to hide other types of attack.

The reason DNS has become the method of choice for so many cyber-criminals is because conventional infrastructure security methods are incapable of protecting DNS. To overcome this risk, IT leaders should seek out advanced solutions that are specifically designed and developed to comprehensively and automatically protect DNS from would-be attacks.

Lack of Integration within Security Ecosystem

Many companies employ a large number of disparate security solutions from a variety of different vendors. This results in silos that are incapable of working together and sharing critical information, which presents a significant challenge to security teams who are responsible for taking action amidst a dynamic and ever-evolving security landscape.

To complicate matters further, security teams in this situation also find themselves drowning in a sea of increasing threats with little to no clear direction on which threat to act upon first and why.

The solution is to create a network that is made up of systems, software and applications that can be fully integrated with one another with the goal of enhancing the performance of the entire cybersecurity ecosystem. This type of setup enables security teams to gain greater visibility and remediate swiftly to mitigate risk.

Conclusion

A failure to adequately protect your network and infrastructure can result in much more than just a little bit of downtime. A sophisticated and complex cyber-attack can cripple your network and place the reputation as well as the careers of everyone involved in jeopardy. To ensure maximum protection and network availability, organizations must close the gaps and address the vulnerabilities that other solutions create.

Integrable solutions which involve automation and data-driven intelligence can effectively improve visibility and enhance threat detection across even the most complex infrastructures, thwarting attacks and optimizing the performance of the entire security ecosystem.

Don’t get caught on the bad end of a cyber-threat. Provide your network and infrastructure with maximum protection. Launch your free product demo of Ayehu today to get started.


How Uber Could Have Prevented Their Latest Cybersecurity Breach

In case you missed it, ride sharing company Uber has recently come under fire due to the circumstances surrounding a data breach that occurred in late 2016, but that the company didn’t publicly report until just last month (nearly an entire year later). The hackers behind the breach were able to access the personal information of 57 million users, including names, email addresses and phone numbers. Also stolen were 600,000 driver’s license numbers of Uber drivers. With yet another high profile brand making headlines, it’s time to ask once again, could a stronger cybersecurity strategy have prevented this fiasco?

What happened?

According to Uber CEO, Dara Khosrowshahi, two hackers broke into the company’s GitHub account, a third-party, cloud-based service that many companies use to store code. It was on this site that the hackers located the username and password they needed to access user data, which was stored on an Amazon server. Sadly, experts are saying the attack was not sophisticated, which means it could have been prevented had the company been more vigilant with its cybersecurity practices.

Where they went wrong

The breach itself isn’t what’s got Uber in hot water right now, although users and regulatory agencies are rightfully outraged. What’s most upsetting is that, rather than alerting users that their information had been compromised and notifying authorities of the breach (as is required by law), Uber instead handed over a $100,000 ransom to the hackers. According to Uber representatives, they were assured and therefore believed that in exchange for that payment, the data was destroyed.

The problem is, by failing to report the breach, not only were users placed in a precarious situation, having their personal information unknowingly in the hands of criminals, but the company also failed to act lawfully and in compliance with regulations. As a result, it’s likely that Uber will face consequences, both at the state and federal level.

Furthermore, when businesses choose to pay hackers what they demand, it only perpetuates the problem of cybercrime and encourages others to follow suit. Similar cybersecurity events occurred recently to well-known brands Netflix and HBO; however, neither of those organizations paid the ransom demanded.

A better solution

The bottom line is, what happened to Uber could easily happen to any business. And paying the ransom – even if it did result in the data being destroyed – didn’t address the actual problem, which is poor cybersecurity planning. Keeping usernames and passwords located on an easy-to-access platform like GitHub was mistake number one.

The second mistake Uber made was not having the right technology in place. For instance, had they employed automated incident response, they would have been alerted of the breach immediately and quite possibly could have avoided having to pay the ransom in the first place. And, thirdly, of course, was the company’s failure to notify appropriate parties. For that, they will likely pay much more than the original ransom amount and reputationally, the company may never quite recover.

Uber’s latest PR nightmare should serve as a reminder to business owners, board members and IT leaders across the globe. The question is no longer whether your company will get hacked, but rather when. Being prepared, leveraging technology and adhering to all state and federal regulations can help your business weather the storm and emerge unscathed on the other side.

Want to see exactly how automation powered by AI can help guard your business against hackers? Click here to take Ayehu for a test drive!


Is your organization prepared for a cyber attack? Here are 5 steps to strengthen your defense.

Is your organization truly prepared to handle a potential data breach? With well-known brands and industry leaders regularly being dragged through the mud by the media due to lack of protection of sensitive data, it’s becoming abundantly clear that nobody is safe anymore. In fact, experts predict that threats to businesses will only continue to increase, both in frequency and in complexity. If your cyber security incident response strategy could use a little more oomph, here are 5 things you can do today to fortify your level of protection.

Identify Areas of Risk – It’s often said that to catch a criminal, one must think like that criminal – to get into his or her head and view the world from a different perspective. When it comes to cyber security, the same concept can and should be applied. Start by identifying which data your organization possesses that would be most likely to be targeted. Then, develop your cyber security incident response plan around that.

Practice Makes Perfect – You probably already conduct regular fire drills to ensure the safety of your personnel in the event of an emergency. Shouldn’t your cyber security incident response plan receive the same level of testing and tweaking? Your strategy should always remain fluid and reviewed on a regular basis to ensure its effectiveness so that when, not if, an attack occurs, you will be ready. As a starting point, review past records to identify which types of incidents you’re most prone to.

Make it a Team Effort – It’s important to remember that cyber-attacks don’t just have the potential for monetary loss, but they also often result in reputational damage and even lawsuits. In order for your cyber security incident response plan to be truly effective, it must cover every angle. That’s why it’s a good idea to include other departments, like legal and public relations, in the process.

Keep Leadership In the Loop – While the task of protecting sensitive data may be handled primarily by IT, incident response is something that should be a company-wide priority. That includes top leadership, such as your C-Level executives and your Board of Directors. Involve these decision makers in as much of the process as possible, from planning to response strategy, and encourage them to be active participants.

Empower Your Team – Your IR strategy is only as good as the people you’ve got managing it and the tools they’ve been given to do their jobs well. Make sure that your IT team has access to everything they need to stay a step ahead of online threats, such as incorporating automation into the cyber security incident response plan to make response and resolution faster and more effective. The more you invest in this area upfront, the more it will pay off in the long term.

In conclusion, the goal of any individual or team tasked with managing cyber security must include making their response and remediation strategy as strong as possible. The best way to achieve that goal is to ensure that the right people, processes and technology are all aligned accordingly. The eyeShare product can provide the ideal solution, bringing everything together and creating a much more solid defense across the board.

Ready to get started? Request a free demo today!
