Solutions Review compiles the best endpoint security advice from the first half of 2021.
As part of our ongoing research into the cybersecurity market, Solutions Review frequently covers the latest in data breaches, cyber-attacks, and authentication failures. When we do this, we try to accompany the facts with expert advice and perspectives from some of the most recognized voices in cybersecurity.
As a result, we’ve accumulated several relevant pieces of endpoint security advice from the first half of 2021, prompted by the attacks and breaches we covered. We decided to curate our favorites into one article. Here they are:
Best Endpoint Security Advice from the First Half of 2021
Javvad Malik is Security Awareness Advocate at KnowBe4.
“We’ve seen ransomware evolve: not only is it enough for criminals to encrypt data, but they will also spend time within the victim’s organization, stealing valuable data, working out which data is worth encrypting, and how much they should set the ransom at.
In many cases, these criminals go undetected in victim organizations for many months at a time.
So, it’s important that organizations have the right controls in place to prevent these attacks from being successful in the first place and have some form of monitoring and threat detection in place to see when they have been breached and to respond quickly.
The ransom demands are interesting because the criminals know that the organization can likely recover from backups. In this case, the ransomware itself isn’t the issue – it’s more of a statement to signal that they have breached the organization. The fact that the ransom note was addressed to them shows it was a targeted attack.
While ransomware itself can cause issues and not everything may be backed up, the real demand for payment is in exchange for the criminals not leaking the information they’ve stolen. However, the issue with this approach is that even if the victim pays the money, there is no way to guarantee the criminals will actually delete the data.”
Purandar Das is CEO and Co-Founder of Sotero Software.
“One more ransomware incident. While the focus is on recovering the stolen data, minimizing customer exposure, and restoring normal operation, as it rightfully should be, companies ought to start revisiting their security approaches. There are two parts to this. One is to start by making the data useless when stolen. That eliminates a big part of the leverage the criminals have. The data is just as valuable as the operational aspects of the system that are affected. The stolen data also causes long-term damage to innocent consumers who trust organizations to protect their data and privacy. Adopting newer encryption technologies that keep data encrypted, even while in use, is a must. Second, enabling secure backups of operational systems with fast recovery paths is another. Layering on more security products is not a viable or scalable solution.”
Tony Lambert is an Intelligence Analyst at Red Canary.
“At the moment, multiple reports indicate Molson Coors fell victim to a ransomware attack, but the precise family of ransomware hasn’t been specified. For manufacturing organizations, ransomware poses a major threat to data and system availability. Not only do corporate systems lose access to data, but systems managing the manufacturing process may come to a halt as well, preventing the successful production and even delivery of products. This obviously presents a huge problem for companies that sell the products: every hour their lines are down can mean major profit losses.
In situations like these, we’ve seen organizations take two paths. The first is to pay the ransom so they can restore availability as fast as possible to prevent major losses. The second is to avoid paying a ransom and restore from backups… Finally, it’s important to keep in mind that organizations can do many things to take steps toward ransomware prevention. Consider using mail gateways, spam filters, or other email security tools to curb the delivery of malicious attachments or links. If feasible, organizations may consider disallowing archive or document attachments in email. Consider implementing controls to limit the use of Windows script execution tools such as `wscript.exe`.
To secure public-facing applications from exploitation, apply patches as soon as possible. Evaluate any web applications for remote code execution vulnerabilities. To secure trusted relationships such as those with Managed Service Providers (MSPs), consider discussing security measures and checklists with vendors periodically to ensure they meet your needs and protect your interests. To mitigate exploitation via supply chain compromise, only download software from official sources such as directly from the developer. To hinder the execution of this and other malware, restrict administrative access where possible and employ the principle of least-privilege where feasible.”
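The script-host control Lambert recommends above is also worth monitoring, since a block rule may not cover every host. The following is an added example, not code from this article or from Red Canary: it scans constructed process-creation telemetry (JSON lines whose field names are modelled on Sysmon Event ID 1 but are an assumption here) for launches of `wscript.exe` or its console counterpart `cscript.exe`, and scores each one by the parent application and where the script was loaded from.

```python
"""Triage Windows Script Host launches in process-creation telemetry.

Added example, not code from the article or from Red Canary. The telemetry
format (JSON lines with ProcessId, Image, ParentImage, CommandLine) is an
assumption modelled on Sysmon Event ID 1; the sample events are constructed.
"""
import json
from dataclasses import dataclass, field
from typing import List, Optional

# Windows Script Host binaries: wscript.exe is named in the quote above,
# cscript.exe is its console counterpart and runs the same script engines.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Parent applications that commonly hand an attachment or document to the
# script host. Constructed list; tune it to the applications in your estate.
RISKY_PARENTS = {"outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe",
                 "winrar.exe", "7zfm.exe"}

# Extensions the script host runs directly.
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh")

# Path fragments for locations an ordinary user can write to; IT-managed
# scripts rarely live here.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\downloads\\", "\\temp\\")

# Constructed sample telemetry, one process-creation event per line.
SAMPLE_EVENTS = r'''
{"ProcessId": 4120, "Image": "C:\\Windows\\System32\\wscript.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "CommandLine": "\"C:\\Windows\\System32\\wscript.exe\" \"C:\\Users\\alice\\AppData\\Local\\Temp\\invoice_4821.js\""}
{"ProcessId": 4188, "Image": "C:\\Windows\\System32\\wscript.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "wscript.exe C:\\Scripts\\logon\\mapdrives.vbs"}
{"ProcessId": 4231, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "notepad.exe C:\\Users\\alice\\notes.txt"}
{"ProcessId": 4402, "Image": "C:\\Windows\\System32\\cscript.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "cscript.exe //E:jscript C:\\Users\\bob\\Downloads\\resume.txt"}
'''


@dataclass
class Finding:
    pid: int
    image: str
    parent: str
    severity: str
    reasons: List[str] = field(default_factory=list)


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def analyze_event(event: dict) -> Optional[Finding]:
    """Return a Finding if the event is a script-host launch, else None."""
    image = _basename(event.get("Image", ""))
    if image not in SCRIPT_HOSTS:
        return None
    parent = _basename(event.get("ParentImage", ""))
    cmdline = event.get("CommandLine", "").lower()
    reasons = [f"{image} executed"]
    if parent in RISKY_PARENTS:
        reasons.append(f"spawned by {parent}")
    if any(marker in cmdline for marker in USER_WRITABLE_MARKERS):
        reasons.append("script loaded from a user-writable location")
    if any(ext in cmdline for ext in SCRIPT_EXTENSIONS):
        reasons.append("script file extension on the command line")
    # Any script-host launch is the baseline; each extra signal raises severity.
    severity = {1: "low", 2: "medium"}.get(len(reasons), "high")
    return Finding(event.get("ProcessId", 0), image, parent, severity, reasons)


def analyze(jsonl: str) -> List[Finding]:
    """Run analyze_event over JSON-lines telemetry, skipping blank lines."""
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        finding = analyze_event(json.loads(line))
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f.severity.upper()}] pid={f.pid} {f.image} <- {f.parent}: "
              + "; ".join(f.reasons))
```

The fourth sample event is the edge case: the script is a `.txt` file, so an extension-based rule alone would miss it, but `cscript.exe` was told which engine to use with `//E:jscript` and the launch still scores high on the parent application and the Downloads location. Logon scripts launched from an IT-managed path (the second event) land at medium, which is where a site-specific allowlist would normally be applied.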
Stephan Chenette is Co-Founder & CTO of AttackIQ.
“This ransomware attack highlights the complexity and far-reaching damage of a B2B data breach. The incident not only impacts Sierra Wireless itself but also its customers, who rely on up-to-date information to keep their operations moving forward. As evidenced by this and many other recent ransomware attacks, it’s no longer an issue of just whether or not to pay the ransom. Because of this, it’s important to adopt a proactive and threat-informed approach to security strategy that allows for an organization to know it can thwart ransomware attacks.
To best defend against ransomware, it’s important to understand the common tactics, techniques, and procedures used by the adversary. In doing so, companies can build more resilient security detection, prevention, and response programs mapped specifically to those known behaviors. Additionally, companies should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to avoid falling victim.”
Gary Ogasawara is CTO of Cloudian.
“The ransomware attack on the Colonial Pipeline is a reckoning for how impactful an assault like this can be on a country’s critical infrastructure. Even as Colonial attempts to contain the attack by taking some of its systems offline, every day that goes by without Colonial fully restoring operations increases the downstream disruption. As ransomware groups around the world observe the effect this attack has had, more may follow.
Having strong cybersecurity defenses in place has never been more important, particularly ensuring that businesses can recover quickly and easily from a ransomware attack. One of the best ways to do so is by securing data at the storage level with an immutable backup copy. This way, the data is rendered unchangeable for a certain time period, preventing encryption by malware and enabling easy recovery of an unencrypted data copy in the event of an attack.”