According to the Wall Street Journal, followed by the Washington Post, Russian hackers used Kaspersky anti-virus to steal NSA cyber defense information from an employee’s home computer.
Even if you do not use Kaspersky, you still need to take 5 important steps.
There is no guarantee that other anti-virus software is immune.
What can you do to better protect your and your customers’ sensitive information when you cannot trust other programs like CCleaner, Kaspersky, and who knows what else you will find out is a threat?
First of all, never let employees take sensitive information to their home computers. That’s not a panacea, but according to sources, the attack happened on a worker’s home computer. It is always important to keep sensitive data away from home computers that your IT professionals cannot maintain.
Second, more companies may start to embrace the technology called application whitelisting. It works the opposite way from anti-virus tools, which look for bad programs: application whitelisting only lets approved programs run, so every other program is blocked by default. The strategy is that you give your computers a list of approved programs, and those are the only programs permitted to run. Application whitelisting takes time to configure and time to maintain, and it will involve you meeting with IT to help them know which programs are essential to your organization. Microsoft has a version, called AppLocker, built in for company computers.
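As an added example that is not part of the original post, here is how the whitelisting step above could be implemented with Microsoft’s built-in AppLocker cmdlets on a reference workstation; the folder, file and policy paths are assumptions standing in for your own environment.

```powershell
# Added example (not from the original post): build a default-deny AppLocker
# policy from a reference workstation's installed programs, apply it in audit
# mode first, then test an unapproved file against it. Assumptions: run as an
# administrator on a business edition of Windows; the paths below are
# placeholders for your own environment.

# 1. Inventory the executables that are already installed (the "approved list").
$approved  = Get-AppLockerFileInformation -Directory 'C:\Program Files' -Recurse -FileType Exe
$approved += Get-AppLockerFileInformation -Directory 'C:\Program Files (x86)' -Recurse -FileType Exe
$approved += Get-AppLockerFileInformation -Directory 'C:\Windows' -Recurse -FileType Exe

# 2. Turn the inventory into allow rules. Signed programs get publisher rules
#    (they survive vendor updates); unsigned ones fall back to hash rules.
$policyXml = New-AppLockerPolicy -FileInformation $approved `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml `
    -IgnoreMissingFileInformation

# 3. Start in AuditOnly: nothing is blocked yet, but every program that would
#    have been blocked is logged, so IT can find the essential tools the post
#    talks about before switching the mode to Enabled.
$xml = [xml]$policyXml
foreach ($rc in $xml.AppLockerPolicy.RuleCollection) {
    $rc.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policyPath = 'C:\AppLocker\baseline-policy.xml'   # placeholder path
New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null
$xml.Save($policyPath)

# 4. Apply locally (the Application Identity service must be running for
#    AppLocker to evaluate anything). Use Group Policy for the whole company.
Start-Service AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath

# 5. Test a file that is not part of the baseline. Anything without a matching
#    rule reports DeniedByDefault, which is the whole point of whitelisting.
$candidate = 'C:\Users\alice\Downloads\new-tool.exe'   # placeholder file
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $candidate -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 6. Review what audit mode would have blocked, to refine the list with IT.
Get-AppLockerFileInformation -EventLog -EventType Audited -Statistics
```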
Third, limit the number of software vendors you use in your company. Every new company you let in the door is a potential risk. This is an opportunity for Microsoft, Apple, Citrix, VMware, Adobe, and others to really step up their game and offer more complete solutions.
Fourth, companies will just start installing fewer programs to begin with. Make users local standard users so they are unable to install their own programs. Every program, whether intentionally by the manufacturer or not, is a potential foothold for attackers to use to get into your systems. The whole movement for simplicity may overlap into the cyber world too.
Once upon a time, many years ago, I had the opportunity to work in South Africa for several weeks. While in Johannesburg, a taxi driver told me that the company with yellow colored taxis was very successful competing against the company with blue taxis. People chose to ride in yellow taxis more often than blue.
So, in order to increase business, the drivers with blue colored taxis started shooting guns at people riding in the yellow colored taxis. That was an incentive for riders to choose to ride in blue taxis. And it worked. More people chose the blue cab company over the yellow cab company. However, as you can imagine, the strategy was adopted by other taxi drivers too, so it became very dangerous to ride in any colored taxis.
The driver told me that taxi passengers became so fearful for their lives, that they all started taking the train. The trains got very busy. How did some taxi drivers respond? He told me that the taxi drivers, if they were having a slow day, would throw people off trains in order to make people more afraid of riding trains than riding in taxis.
Now, in 2017, according to the news, taxi drivers are attacking Uber drivers for a similar reason.
This isn’t about South Africa. I love the people I met there – they showed extreme kindness, integrity and hard work – there are people there who epitomize ideal friends, work associates, and customers. I have great feelings just thinking back to the amazing people and the experiences.
How this relates to cyber security is that bad actors use cyber-security tools, and other programs that your organization trusts, to launch attacks. If we allow it to, this can get out of hand. Do you remember the story about the Greeks who built a big horse, loaded their soldiers inside quietly, and managed to get the citizens of the ancient city of Troy to bring the horse into their city walls? According to the story, the trick worked very well and the trusting citizens had a very bad day when the soldiers poured out of the horse and attacked.
If programs were like big wooden horses, most of them would not contain attackers. But the lesson here is that it is difficult to know for sure. It may be best for organizations to be careful to not let so many programs, like horses, enter their gates at all. Trim back the number of programs you have installed at your company.
Fifth, stop storing data on computers and networks if you do not need the data readily accessible. Sure, a lot of your data does need to be instantly accessible. But think about it and strategize about it: is there any data that your team doesn’t use on a regular basis? Store that information offline. You can copy it back onto your servers when you need it, but it isn’t there all the time. Data that is not stored on servers cannot be stolen from the servers, nor can it be encrypted if ransomware encrypts the files on your servers.
Please forward this to your friends so that they can start protecting their systems with the 5 steps above.