The world is still reeling from one of the most pervasive global cyber attacks ever recorded, which occurred on Friday 12th May 2017. This ransomware attack caused disruption in 150 countries worldwide, with an estimated 200,000 known victims.
The ransomware, which locked users’ files and demanded payment to allow access, impacted organisations such as the NHS (UK National Health Service) and FedEx, to name but a few. And now experts are warning that further attacks may be on the way.
The cost of doing nothing
The scariest part of this attack is that many organisations could have limited its impact if they had been more prepared. The malware exploited a weakness that had been known about for some time, and a patch has been available since March. However, many organisations failed to install this patch, leaving them susceptible. This is certainly a wake-up call to organisations globally that a dreaded day like this can happen and that you need to protect yourself and prevent it.
#1: Have a disaster recovery plan to avoid business shut down.
The majority of organisations globally use Active Directory, which is a critical part of their infrastructure. A disaster affecting your Active Directory (AD), or an attack on it, can literally stop your business in its tracks. In October 2013, a large UK public sector organisation encountered a corruption in Active Directory which resulted in hundreds of appointments having to be cancelled or postponed. During a cyber attack, your domain controllers can become encrypted or unavailable. Quest Recovery Manager for Active Directory Forest Edition enables you to restore your Active Directory environment quickly to maintain business continuity.
#2: Get better visibility into where your organisation is vulnerable
For this recent cyber attack, simple reporting of which machines did not have the new patch applied could have massively reduced the number of affected machines and thus slowed the spread. Quest Enterprise Reporter provides built-in reports that list all of the hotfixes applied to machines. It would therefore be a very simple task to list all of the machines that don’t have the patch and either fix them or write a script to remotely shut them down to prevent any further damage or spread of the malware.
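The same kind of report can be produced with built-in PowerShell; the following is an added example, not code from the original post or from Quest. The function name `Get-PatchGap` is hypothetical and the KB IDs are constructed placeholders, since the post does not name the update.

```powershell
# Added example. The KB IDs are placeholders: replace them with the update IDs
# from the vendor bulletin for each OS version you run, plus any later rollups
# that supersede them. Checking a single ID misreports machines on other OS builds.
$AcceptedKb = @('KB0000001', 'KB0000002')   # constructed placeholder values

function Get-PatchGap {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string[]] $AcceptedKb
    )
    foreach ($computer in $ComputerName) {
        try {
            # Get-HotFix reads Win32_QuickFixEngineering on the target machine.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Select-Object -ExpandProperty HotFixID)
            # Any one of the accepted IDs counts as patched.
            $found  = @($installed | Where-Object { $AcceptedKb -contains $_ })
            $status = if ($found.Count -gt 0) { 'Patched' } else { 'Missing' }
            $detail = $found -join ','
        }
        catch {
            # An unreachable host is not evidence of a patched host.
            $status = 'Unknown'
            $detail = $_.Exception.Message
        }
        [pscustomobject]@{
            Computer = $computer
            Status   = $status
            Detail   = $detail
        }
    }
}

# Runs against the local machine here; pass a list of host names instead.
Get-PatchGap -ComputerName $env:COMPUTERNAME -AcceptedKb $AcceptedKb |
    Where-Object Status -ne 'Patched' |
    Sort-Object Status, Computer |
    Format-Table -AutoSize
```

Rows marked `Unknown` (host offline, access denied, remote management blocked) belong on the remediation list alongside `Missing` until they can be queried.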
#3: Discover who has access to what
Do you know who has access to what in your organisation? Quest Enterprise Reporter provides visibility into users, groups, permissions and other configurations so you can keep your infrastructure healthy and secure. It also gives you insight into what changes have been made, so you can stay ahead of potential security vulnerabilities.
#4: Manage your systems
Be proactive and automate as much as possible from user account provisioning and de-provisioning to group membership. Once you ensure users have the correct access and permissions, you need to ensure you’re alerted when something isn’t right.
It’s crucial that organisations use operating systems that Microsoft still supports and writes patches for. Using old operating systems leaves organisations vulnerable. Question whether your Active Directory is designed well enough, and is up to date enough, to take advantage of the new features offered and supported by the latest operating systems.
If you’re interested in learning more about the strategies and tools available to protect you from an attack, I recommend you check out this informative whitepaper: That Dreaded Day: Active Directory Disasters & Solutions for Preventing Them.
Based in the UK? Come along to our Hands-on Demo Day to learn how to protect yourself from insider threats.