
Reality has a way of asserting itself, regardless of the choices we make. Recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack.
Everyone said “foul play” and suggested that proper cybersecurity measures should have been put in place. Again, as usual, it all happens too late. The attack was not unique or special, and it wasn’t the last of its kind.
We are happily whistling into the wind and moving as if nothing happened. Is everyone’s recovery plan really that good? Are all of the security measures in place?
Before anything else, cover the basics. Password hygiene, restrictions on account sharing, and clear instructions not to open untrusted emails are all part of proper user training. Human actions are still the weakest link in cyber defense.
You can’t protect what you don’t know about, so audit the infrastructure side. Network segmentation should separate traffic into the smallest practical divisions.
If a server doesn’t need to see or talk to another server, then the two shouldn’t be connected to the same VLAN. It is also time for remote access to move away from traditional PureVPN access.
Even if communication is internal only, everything must be protected. Someone can eavesdrop where you least expect it, because you don’t know what may already have been compromised.
Users shouldn’t be allowed to plug random devices into your network. Lock ports and restrict access to the internet. Users will complain, but that’s part of the tradeoff. Keep exceptions to a minimum.
It is important to keep everything updated through patching. That’s equally true for the print server tucked away in a closet and for the public-facing server.
An unpatched server is vulnerable, and it only takes one to bring everything down. Live patching is an alternative if regular patching is too disruptive to run daily.
Plug as many holes as possible; attackers don’t need you to make it easier for them. You don’t have to decide which vulnerabilities matter when you can simply patch them all. There is no downside.
If a server is no longer needed, decommission it or destroy it. Act fast if it’s a container, instance, or node; otherwise you’ll forget about it, and by the time you remember it will be too late.
Maintaining a proactive approach is essential. Stay up to date with security and threat news. Sometimes it’s one of the countless “regular” vulnerabilities that hits the hardest, because the “named” vulnerabilities take a disproportionate share of the attention. A vulnerability management tool can help with this.
A disaster recovery plan needs to be in place. “What if we woke up tomorrow and none of our IT worked?”
What can I do to get bare-bones services up and running? How long does it take to restore the entire backup? Are the backups tested regularly? Is the deployment process documented, even if only as a hardcopy script? Losing our systems, data, or infrastructure for several weeks can have legal ramifications.
If you can’t answer any of the questions, that means you have work to do, and that’s something you shouldn’t delay.
You want to avoid the situation where your systems are down, your customers are going to your competitor’s website, your boss is demanding answers, and all you have to offer is a blank stare and a scared look on your face.
It’s not a lost battle. All the questions we posed can be answered, and the practices described above are a good start.
Before an incident happens, the best starting point is right now, if you haven’t already looked into it.
TuxCare is the leader in enterprise-grade Linux automation and sponsors this article. TuxCare offers unparalleled levels of efficiency for developers, IT security managers, and Linux server administrators who want to simplify and enhance their cybersecurity operations. Over one million production workloads are secured and supported by TuxCare’s Linux kernel live security patching and standard and enhanced support services.