News Flash! Security Measures Only Work if Actually Implemented

July 14, 2021

Best practices are there for a reason, but it seems many companies are not following them. According to TechRadar, “Ransomware Is Not Out of Control; Security Teams Are.” Reporter Mayank Sharma interviewed Optiv Security VP and former FBI Information and Technology official James Turgal, who puts the blame for recent ransomware attacks squarely on organizations themselves. In answer to a question on the most common missteps that pave the way for ransomware attacks, Turgal answered:

“Every business is different. Some older and more established organizations have networks and infrastructure that have evolved through the years without security being a priority, and IT shops have traditionally just bolted on new technology without properly configuring it and/or decommissioning the old tech. Even startups who begin their lives in the cloud still have some local technology servers or infrastructure that need constant care and feeding. Some of the themes I see, and the most common mistakes made by companies, are:

1. No patch strategy or a strategy that is driven more by concerns over network unavailability and less on actual information assurance and security posture.

2. Not understanding what normal traffic looks like on their networks and/or relying on software tools. Usually too many of them overlap and are misconfigured. The network architecture is the company’s pathway to security or vulnerability with misconfigured tools.

3. Relying too much on backups, and believing that a backup is enough to protect you. Backups that were not segmented from the network, were only designed to provide a method of restoring a point in time, and were never designed to be protected from an attacker. Backups need to be tested regularly to ensure the data is complete and not corrupted.”

Another mistake is focusing so narrowly on new projects, like a move to cloud storage, that vulnerabilities in older equipment are neglected. See the article for more of Turgal’s observations and advice. Surely he would like readers to consider his company’s services, and for some businesses outsourcing cybersecurity to experienced professionals (there or elsewhere) might be a wise choice. Whatever the approach, organizations must keep on top of implementing the most up-to-date security best practices in order to stem the tide of attacks. Better to spend the money now than pay out in Bitcoin later.

Cynthia Murrell, July 14, 2021
