February 28, 2019
Proactive Defense Explained
We learned this week that the NFB fell victim to a computer virus. The consequences are disastrous for the NFB. Loss of access to files, loss of intranet and internet, loss of database systems and, worst of all, loss of production systems for nearly two weeks. If we apply this scenario to a small or mid-sized business, [...]
We learned this week that the NFB fell victim to a computer virus.
The consequences are disastrous for the NFB. Loss of access to files, loss of intranet and internet, loss of database systems and, worst of all, loss of production systems for nearly two weeks.
If we apply this scenario to a business, it translates into a shut-down plant, employees producing nothing, and cancelled appointments. In short, no sales, no revenue, and the costs of responding to this crisis, which will no doubt be very high.
It's a safe bet that the NFB will conduct a "post-mortem" of the situation to understand what happened and, above all, what can be done to prevent it from happening again.
I'll tell you right now: the number one solution will be proactive defense. It's the only thing to do, since these attacks are more often than not arbitrary.
What is proactive defense?
It's not simply a box or a piece of software you install and forget! It's a combination of tools, behaviours, and best practices.
Technological aspect
The technological aspect covers what can be done by a machine, requiring a varying degree of human interaction.
It includes the usual technologies, such as traditional and advanced antivirus, IPS and IDS tools (respectively Intrusion Prevention System and Intrusion Detection System), firewalls, and so on, as well as security log analysis. In short, technologies that make it possible to detect abnormal behaviour. Detection is the first step when it's time to respond to a security incident. We'll cover this aspect in another article.
Behavioural aspect
The behavioural aspect consists of educating users about the cyber threats that exist. Insist that all your employees take at least one cybersecurity training session per quarter. We also encourage you to test your employees' knowledge. It's the first line of defense!
Best practices aspect
There are several best practices to adopt. Ideally, you should minimize the attack surface. This translates, among other things, into a security model where the most restrictive rights are granted. Make sure identities and access are managed properly, and that updates to ALL equipment are kept fully up to date.
Despite all the prevention possible, the point we can never stress enough: have a recovery plan! Good backup copies that are isolated and tested!
Don't hesitate to surround yourself with professionals who can help you in this process. It's no doubt an investment that could save you tens or even hundreds of thousands of dollars.