I recently watched a webinar on Managed Threat Response as offered by Sophos (a service for real-time protection against malware and other digital threats). The thrust of what they were saying is that the threat landscape in the digital world is ever changing, and we all need to ensure our responses to these threats develop to match these changes. Read on to find out more...
- One of the current pressures comes from hackers breaking into other software that we use as part of our day-to-day business, and then using that software to enter our systems and get behind our defences. This is not malware, as the tool we use is not dangerous in itself; the problem is that it lets them in so they can then interact with our systems.
- How we deal with threats is also key. Many approaches involve automated reviews of what goes on within and to our systems. If this is followed by an automated response to block the attack, then this works reasonably well. But now there are more variants that the automation either does not recognise (and so misses) or does recognise but for which the normal automatic responses no longer work (so a human intervention is needed).
- Apparently the hackers are now ensuring that, before they issue a ransomware demand, the initiating attack focuses on destroying back-ups. Where a back-up exists, the attacked person simply ignores the ransomware threat, reverts to the back-up and starts over. Once back-ups have been removed, this is no longer an option and the ransom is more likely to have to be paid. So the key point to remember here is to ensure that back-ups are held separately from the main machine: cloud based, or on a disc that is removed, or whatever, but not part of the computer concerned and not directly connected to it.
- In defence, developments are taking place in the creation and use of remote management and monitoring tools that allow oversight and updates to be made in real time. This would seem to be a good way to address the evolving practices being adopted by hackers and cyber criminals.
The hard part remains what to do once a problem is found (which is itself not easy). Automated responses are great when the attack can be predicted. But any cyber-criminal wanting to make an impact will be thinking of ways to go around the automated approaches, often with just small changes that a computer does not recognise. Thus the longer-term answer seems to be to have a human involved as well, to identify the issue following an automated scan of questionable areas. The human then also prescribes the strategy to break and spoil the attack. This is of course more expensive and more complex, but, at the moment, it seems to be a good step in a new direction.
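To make the "automation first, human second" idea above concrete, here is a small Python example I have added; it is not code from the webinar or from any Sophos product. It models three outcomes for a security event: an exact indicator match is contained automatically, a match whose automated containment fails is escalated to a person, and a suspicious pattern that no indicator recognises (the "small change" case) is escalated rather than blocked on guesswork. The indicator list, the heuristic, the sample events and the `fake_isolate` containment stub are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Constructed indicator list: file hashes an automated rule knows as bad.
KNOWN_BAD_HASHES = {"deadbeef01", "deadbeef02"}

# Constructed heuristic: an office application launching a shell is suspicious
# but not conclusive on its own, so it goes to an analyst rather than being
# blocked automatically.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}


@dataclass
class Event:
    event_id: int
    host: str
    parent: str   # process that started the child
    child: str    # process that was started
    sha256: str   # hash of the child executable (constructed values)


@dataclass
class Decision:
    event_id: int
    action: str   # "auto_blocked", "escalated" or "ignored"
    reason: str


def automated_response(event: Event, isolate: Callable[[str], bool]) -> Decision:
    """Decide what to do with one event.

    Exact indicator match -> try automated containment; escalate if it fails.
    Heuristic-only match  -> escalate, the automation is not confident enough.
    Nothing matched       -> ignore (this is where a novel variant can slip by).
    """
    if event.sha256 in KNOWN_BAD_HASHES:
        if isolate(event.host):
            return Decision(event.event_id, "auto_blocked", "known-bad hash, host isolated")
        return Decision(event.event_id, "escalated",
                        "known-bad hash but automated isolation failed")
    if event.parent in SUSPICIOUS_PARENTS and event.child in SHELLS:
        return Decision(event.event_id, "escalated",
                        f"{event.parent} spawned {event.child}, no indicator match")
    return Decision(event.event_id, "ignored", "no rule matched")


def triage(events: List[Event],
           isolate: Callable[[str], bool]) -> Tuple[List[Decision], List[Decision]]:
    """Run every event through the automation and collect the analyst queue."""
    decisions = [automated_response(e, isolate) for e in events]
    queue = [d for d in decisions if d.action == "escalated"]
    return decisions, queue


# Constructed sample: an exact match, an exact match on a host where isolation
# fails, a variant whose hash differs from the indicator list (only the
# heuristic notices it), and a benign event.
SAMPLE_EVENTS = [
    Event(1, "ws-01", "explorer.exe", "updater.exe", "deadbeef01"),
    Event(2, "ws-02", "explorer.exe", "updater.exe", "deadbeef02"),
    Event(3, "ws-03", "winword.exe", "powershell.exe", "deadbeef03"),
    Event(4, "ws-04", "explorer.exe", "notepad.exe", "cafef00d00"),
]


def fake_isolate(host: str) -> bool:
    """Constructed containment stub: isolation succeeds everywhere except ws-02."""
    return host != "ws-02"


if __name__ == "__main__":
    decisions, queue = triage(SAMPLE_EVENTS, fake_isolate)
    for d in decisions:
        print(d.event_id, d.action, d.reason)
    print(f"{len(queue)} event(s) waiting for an analyst")
```

Running it shows event 1 blocked without anyone involved, while events 2 and 3 land in the analyst queue for the two different reasons the webinar described: a response that no longer works, and a variant the automation cannot confidently classify.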