The Fightback Begins: How to keep Malware off your systems by Bharat Mistry, Principal Security Strategist, Trend Micro™
Hackers increasingly view law firms as a soft target. Malware is a constant threat and, as more of the industry undergoes digital transformation, the challenges in preventing cyber-attacks will only increase. The question is, what can be done to mitigate this growing risk?
To clarify the scale of the challenge facing the industry, three-quarters (73%) of the UK’s top firms were targeted last year, and only 35% have a mitigation plan in place in case of a cyber-attack, according to CERT-UK stats.
So, what can be done to mitigate the growing risk of cyber-attack? It’s important to remember a few guiding principles, not least, that defence-in-depth works best. From commodity malware and spam to ransomware, phishing, and advanced info-stealing attacks designed to hide from traditional security filters, the sheer volume and variety of threats law firms are likely to encounter today is unprecedented. Trend Micro alone blocked nearly 82 billion pieces of new malware in 2016 and saw a spike of 752% in new ransomware variants.
Defence-in-depth means having the right security controls at each layer of your IT infrastructure, from the web and email gateway, to endpoints, networks and servers. At the outer layer this means identifying and removing known threats and those you have high confidence are threats before they ever reach the organisation. This can be done with cloud-based systems which block spam and email from non-reputable sources, scan email for dubious attachments and links, and prevent access to malicious sites far away from your perimeter.
The second layer of protection comes at the web and email gateway level, with the scanning of incoming and outgoing traffic for malicious content. IP and web reputation, URL sandboxing, spear phishing/social engineering protection and data loss prevention are all key technologies to look out for. Reputation-based filters check files according to a number of attributes, including their source and who else has been exposed to the same code, before applying smart algorithms to work out whether they can be trusted. Sandboxing is a way of running an untrusted program in an isolated environment that mirrors your own; the security system observes how the program behaves there and uses that information to decide whether or not it is malicious.
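To make the layered decision concrete, here is an added example (not Trend Micro's code, and not from the original article) of a gateway triage policy for email attachments: known-bad hashes are blocked outright, risky file types from low-reputation or never-seen sources are sent to a sandbox, and the rest are delivered. The reputation feeds, sender domains, weights and sample bytes are all constructed assumptions for illustration.

```python
import hashlib
from dataclasses import dataclass
# Constructed stand-ins for the feeds a gateway consults (hypothetical, not real data).
KNOWN_BAD_SHA256 = set()
SENDER_REPUTATION = {"partner-firm.example": 0.9, "bulk-mailer.example": 0.2}
PREVALENCE = {}   # sha256 -> how many other tenants have already seen the file
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".docm", ".xlsm"}

@dataclass
class Attachment:
    sender_domain: str
    filename: str
    content: bytes

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def gateway_verdict(att: Attachment) -> str:
    """Return 'block', 'sandbox' or 'deliver' for one attachment."""
    digest = sha256(att.content)
    # Layer 1: a known-bad hash is a high-confidence threat; block before delivery.
    if digest in KNOWN_BAD_SHA256:
        return "block"
    # Layer 2: reputation from the source and from how widely the file has been seen.
    ext = "." + att.filename.rsplit(".", 1)[-1].lower() if "." in att.filename else ""
    sender_score = SENDER_REPUTATION.get(att.sender_domain, 0.5)  # unknown sender: neutral
    prevalence_score = min(PREVALENCE.get(digest, 0) / 100.0, 1.0)  # never-seen file: 0
    trust = 0.6 * sender_score + 0.4 * prevalence_score
    # Risky file types nobody can vouch for go to the sandbox for behavioural analysis.
    if ext in RISKY_EXTENSIONS and trust < 0.6:
        return "sandbox"
    return "deliver"

# Constructed samples (harmless bytes, not malware): a known-bad blob, a never-seen macro
# document from a bulk mailer, and a widely-seen macro template from a trusted partner.
_bad = b"constructed-known-bad-sample"
_common = b"constructed widely-seen macro template"
KNOWN_BAD_SHA256.add(sha256(_bad))
PREVALENCE[sha256(_common)] = 5000

SAMPLES = [
    Attachment("anyone.example", "invoice.pdf", _bad),
    Attachment("bulk-mailer.example", "statement.docm", b"constructed new macro doc"),
    Attachment("partner-firm.example", "template.docm", _common),
]

def triage_all(samples=SAMPLES):
    return [gateway_verdict(a) for a in samples]

if __name__ == "__main__":
    for a, v in zip(SAMPLES, triage_all()):
        print(f"{a.filename:16} from {a.sender_domain:22} -> {v}")
```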
From the endpoint to the user
Next up, protect your endpoints: your PCs, laptops, mobile devices and tablets. As mobile and remote working becomes increasingly commonplace, the number of endpoints in organisations has exploded. The challenge here is that the more endpoints you have connected to the corporate network, the more opportunities hackers potentially have to breach your systems. A simple phishing attack that pairs social engineering with a malicious attachment or link could covertly install malware on an endpoint, allowing hackers to pivot into key systems containing highly sensitive IP, PII and other data. Effective end user education programs are therefore vital as a first line of defence: if more staff know not to open dubious-looking attachments or click on malicious links, it could greatly reduce your chances of infection. Any education efforts should be communicated regularly and to all staff, including temps and contractors. Bite-sized online lessons at regular intervals often help, combined with periodic testing.
On the technical side, consider an approach which combines multiple threat prevention techniques. Why is this important? Because technologies like reputation-based filters designed to scan for known malware, for example, won’t be able to detect previously unseen “zero-day” threats. It’s important to get a breadth of security controls in there so you’re covered for all types of potential cyber threat.
Make sure at a bare minimum you’ve got filters in place to scan removable devices; host-based firewalls and IDS/IPS; browser and app exploit protection; app control; and behavioural analysis/machine learning to spot advanced malware. The latter is at the cutting edge of malware prevention, but false positives can be a problem so it pays to do your due diligence on providers.
It goes without saying that you should also keep all software and operating systems up-to-date with the latest security patches as soon as they’re released.
Data breaches are inevitable today. But with a calm head and the right tools, you can start to get on the front foot with a more effective, proactive approach to cybersecurity which will keep data safe and the reputation of your practice intact.