As a part of its ongoing efforts to maintain digital security, Microsoft publishes an annual list of actions that users and administrators can take to prevent cyberattacks. As other reports have recently noted, ransomware has dropped significantly – by nearly 60%. After several high-profile attacks in 2017, improved detection and education made it much more difficult for cybercriminals to profit from this kind of attack.
Conversely, cryptocurrency mining increased exponentially. Supply-chain attacks, in which an attacker uses a supplier or business partner to spread an infection, also grew substantially. These shifts are a response to the changing economics of cybercrime – the culprits always use the most profitable tactic that can easily be completed.
While digital and network security is an ever-present concern for all organisations and individuals, Microsoft also has recommendations and best practices that outline activities that can be taken right now to protect against the unique cyber security threats that we will see in 2019.
Maintain Security Hygiene
Hygiene, or regular maintenance, can go a long way in securing networks. This includes the following actions, among others:
- avoiding unfamiliar or free software
- securing privileged administrator accounts to minimise credential theft risk
- teaching employees to recognise and report suspicious communication
- using caution when clicking on unknown links
- looking for suspicious files if you notice a change in the performance of your PC
Implement Access Controls
Access controls apply the principle of least privilege, ensuring that only those who need access are granted it. To this end, administrators can implement network segmentation, remove local administrator privileges, and use extreme caution when granting any permissions to applications running on the computer. Downloads can also be limited to only those from reliable sources. Code integrity policies can be strengthened, which will restrict the applications that users can run by whitelisting them. If possible, some organisations may consider adopting a solution that will restrict the code that runs in the system core and block unsigned scripts or other forms of untrusted code.
Backing up data has always been recommended, and the importance of this step has not diminished at all. In many ways, it’s easier than ever as storage becomes more available and affordable. When possible, cloud storage services can automatically back up data. If data is physically located on-premises, the standard is to have at least 3 backups of data – 2 on different storage types and one offline backup.
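The backup standard described above, as an added example that is not part of the original article: a Python check that flags data sets whose copies fall short of three backups, two storage types and one offline copy. The inventory records, field names and data-set names are constructed for illustration, and treating differently spelled storage labels as the same type is an assumption.

```python
from collections import defaultdict

# Constructed sample inventory (illustrative only): one record per backup copy.
INVENTORY = [
    {"dataset": "finance-db", "storage": "nas", "offline": False},
    {"dataset": "finance-db", "storage": "cloud", "offline": False},
    {"dataset": "finance-db", "storage": "tape", "offline": True},
    {"dataset": "hr-share", "storage": "nas", "offline": False},
    {"dataset": "hr-share", "storage": "NAS", "offline": False},
    {"dataset": "hr-share", "storage": "nas", "offline": False},
    {"dataset": "cad-files", "storage": "disk", "offline": False},
    {"dataset": "cad-files", "storage": "usb", "offline": True},
]
# Data sets that are supposed to be protected (assumed list).
EXPECTED = ["finance-db", "hr-share", "cad-files", "mail-archive"]


def check_backups(inventory, expected, copies=3, storage_types=2, offline=1):
    """Return {dataset: [violations]}; an empty list means the rule is met."""
    by_dataset = defaultdict(list)
    for record in inventory:
        by_dataset[record["dataset"]].append(record)

    report = {}
    # Include expected data sets that have no copies at all, not only listed ones.
    for name in sorted(set(expected) | set(by_dataset)):
        found = by_dataset.get(name, [])
        problems = []
        if len(found) < copies:
            problems.append(f"{len(found)} copies, need {copies}")
        # Normalise labels so "NAS" and "nas" count as one storage type.
        kinds = {r["storage"].strip().lower() for r in found}
        if len(kinds) < storage_types:
            problems.append(f"{len(kinds)} storage types, need {storage_types}")
        off = sum(1 for r in found if r["offline"])
        if off < offline:
            problems.append(f"{off} offline copies, need {offline}")
        report[name] = problems
    return report


if __name__ == "__main__":
    for name, problems in check_backups(INVENTORY, EXPECTED).items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

Three copies on the same storage type, as in the constructed `hr-share` entry, still fail the rule, and a data set with no inventory records is reported rather than silently skipped.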
Detection and response are key steps in any organisation’s overall cyber security plan. And it’s no longer good enough to simply be aware of tactics that have been used successfully in the past. You must be aware of anything that looks suspicious. This includes using caution when clicking on links or downloading files, practising secure web browsing habits and implementing solutions that warn users or block access to sites that may be associated with malicious content. You may also reach out to external websites, such as VirusTotal, that will analyse content for you. You can do this by either providing a link or uploading a file that you believe to be suspicious; the website will then scan it quickly and report whether it is safe to open or whether additional analysis is necessary. Int Tec Solutions recommends this action for all files that clients may receive.
It’s also important to spread this knowledge throughout the organisation. Education that teaches users how to spot suspicious communication and report it provides the security operations team with the knowledge they need to enhance specific security measures that may prevent a certain type of attack.