Security Dealer & Integrator

JUN 2017

Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.

Issue link: http://sdi.epubxp.com/i/835749


Cover Story

level and provide the most current trending safeguards possible. Security integrators are the experts end-users turn to for advice and tactics to prevent cyber threats, ransomware and other malicious attempts on physical security systems which may be used to circumvent the network or access customer data.

If you work with the healthcare market, this is even more critical and subject to numerous rules, standards and regulations – including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Trust Alliance (HITRUST). If you cannot deliver the necessary requirements or needs of the security market today, your client or potential customer will be forced to go elsewhere.

I recently attended a leading cybersecurity conference, and during a panel discussion with knowledgeable cyber professionals, a question was asked from the audience. The IT manager for a large municipality was concerned about the extensive number of cameras and door locks connected to his network. He explained that he wanted to understand what type of vulnerabilities this practice presented to his organization and what he could do to help protect them better.

It was a great question and the response was simply that he should work closely with his security system provider for guidance. If that is the case, are you prepared to have that discussion?

Systems

INFECTION PROTOCOL
Government-recommended steps to deal with a ransomware attack

Protecting Your Networks from Ransomware

The United States Computer Readiness Team (US-CERT) recommends that organizations consider taking the following steps upon an infection with ransomware:

• Isolate the infected computer immediately: Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or share drives.
• Isolate or power-off affected devices that have not yet been completely corrupted: This may afford more time to clean and recover data, contain damage, and prevent worsening conditions.
• Immediately secure backup data or systems by taking them offline: Ensure backups are free of malware.
• If available, collect and secure partial portions of the ransomed data that might exist.
• If possible, change all online account passwords and network passwords after removing the system from the network. Furthermore, change all system passwords once the malware is removed from the system.
• Delete registry values and files to stop the program from loading.
• Implement your security incident response and business continuity plan: Ideally, organizations will ensure they have appropriate backups, so their response to an attack will simply be to restore the data from a known clean backup. Having a data backup can eliminate the need to pay a ransom to recover data.
• Contact law enforcement immediately: US-CERT strongly encourages users to contact a local field office of the Federal Bureau of Investigation (FBI) or U.S. Secret Service immediately upon discovery to report a ransomware event and request assistance. Law enforcement may be able to use legal authorities and tools that are unavailable to most organizations, as well as enlist the assistance of international partners to locate the stolen or encrypted data or identify the perpetrator. Law enforcement agencies and the Department of Homeland Security's National Cybersecurity and Communications Integration Center can also assist organizations in implementing countermeasures and provide information and best practices for avoiding similar incidents in the future.

Paying the Ransom

There are serious risks to consider before paying the ransom. The U.S. government does not encourage paying a ransom to criminal actors; however, after systems have been compromised, whether to pay a ransom is a serious decision, requiring the evaluation of all options to protect shareholders, employees and customers. Victims will want to evaluate the technical feasibility, timeliness and cost of restarting systems from backup. Ransomware victims may also wish to consider the following factors:

• Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after paying a ransom.
• Victims who pay the demand can be targeted again by cyber criminals.
• After paying the originally demanded ransom, some victims were asked to pay more to get the promised decryption key.
• Paying could inadvertently encourage this criminal business model.
