Grzegorz Kubera speaks with Piotr Konieczny, head of the Niebezpiecznik.pl security team.
Piotr Konieczny: About the importance of the human being in the security model. Everyone has heard that people are the weakest link in security, but not everyone knows what zero trust is, how to implement it in your business processes, and how to respond to security incidents. safety – because these will happen sooner or later, no matter what we do.
However, our correct response to threats is crucial. Without it, even despite considerable security expenditures, one can be blown away by a poorly managed incident.
The zero trust model assumes that we should not trust by default and believe that even employees have good intentions. This generally means that we need and want to authenticate everything that tries to access and log in to the systems used in the company. In the era of hybrid and remote working, security challenges increase even more. What do you think we should implement to improve home office security?
First, well-adapted employee identification and authentication mechanisms. Today it can be implemented very simply and inexpensively. Just give employees U2F tokens [klucze bezpieczeństwa, zwykle podłączane na USB – red.]that are needed to connect to company services, such as email or CRM.
The U2F token looks like a USB key and is safer to use than any one-time code sent by SMS or generated by applications such as Google Authenticator.
Such a token means that even if an employee catches the most popular attack today: phishing, the hijacked data will prevent the attacker from accessing company systems.
What other practices do you recommend?
In addition to fighting phishing, it’s important to be prepared for malware attacks. There are many solutions here, but it is important to introduce some form of whitelisting [dopuszczenia do działania aplikacji z zamkniętej listy – red.] and appropriately limit what an employee can run or install on their computer. Unfortunately, I will not recommend a solution here, because it must be selected according to the risk model for a given company, taking into account the position and needs of a given type of user, and even in a company, there may be several.
Finally, it makes sense to build a suitable training program. Because even with U2F keys and a good antimalware solution, criminals can use the so-called social engineering attacks to impersonate the president or other official during a phone conversation and thus obtain information precious. Here, it is important that employees are aware of the threats, and this awareness is reinforced by expertly conducted training. During one of the lectures, I explained how we build such a training program for our clients.
Now let’s move on to the ransom notes. The European Cybersecurity Agency has seen a 150% increase in ransomware attacks in 2021 and expects the upward trend to continue in 2022. What causes ransomware attacks, c ie Ransomware Attacks, Are on the Rise?
Unfortunately, this is the trick of the ransomware gangs. As businesses have seen the increase in these attacks and have begun to take a more responsible approach to effectively backing them up and restoring them, gangs have begun to take a double ransom approach.
What is it about?
If the company does not pay the ransom to decrypt the data, the criminals demand a ransom for not releasing the information they stole in the attack. Worse still, there are growing reports that ransomware gangs are infiltrating corporate networks not only by exploiting software vulnerabilities, but also by bribing employees to run malware on their work computers. for money.
It doesn’t look very good. But we have access to effective security tools, such as early detection and response to threats.
Incident detection tools and techniques have been around for years, and they don’t really change much. What most companies still lack are adequate resources, both financial and human. Because someone has to go through all those SIEMs, IDSs, and WAFs, filtering out the so-called false positives and “handling” the incidents. Unfortunately, not every business can afford to have a 24/7 security operations center, and today, in fact, even the smallest Internet-based business needs one.
So what? We must constantly broaden our skills and be attentive to detect and react well?
Yes. It sounds like an easy task, but getting it right is incredibly difficult.
Piotr Konieczny, head of the security team at Niebezpiecznik.pl, will perform at the online event “Cyber security – Landscape before the battle”, which we will broadcast live on April 29. Join today – take advantage of free registration.