The Proactive Security Approach

It’s the word on everyone’s mind these days: ransomware. A few major outbreaks in 2017, international headlines, millions of dollars lost, thousands of individuals and organizations impacted – naturally the threat du jour is on everyone’s radar.

But the thing about IT security is: we never know what the next big thing is going to be. Everyone is scrambling to combat ransomware right now, but what happens when the bad guys come up with a new way to make our lives miserable?

Reacting to and preventing the latest threats – and existing threats we’re already experienced in dealing with – is just responsible behavior. We have to fight the monster at the door, and there are tools available to do so. But what about the monsters we haven’t seen yet? What comes next after ransomware, and how do we prepare for it?

Many attacks; few methods

While the means of attack – malware and ransomware, phishing and spear phishing – vary and constantly evolve, the truth is there’s actually a limited number of methods at the core of how these attacks are designed.

Traditional antivirus simply can’t keep up with how quickly new malware is developed. It’s not a matter of updating your antivirus every week or even every day – viruses are created with such frequency and speed that simply updating for known malware isn’t enough.

What is possible, however, is to understand the tricks and exploits hackers use to develop those attacks. While malware variants number in the millions or more, the exploits attackers use are relatively few – closer to the tens than the millions.

Certain products – like Intercept X from Sophos – focus on the characteristics of these exploits rather than predicting millions of threats, because it’s the behavior indicating those exploits are being used that raises the red alert that an attack is happening. By spotting use of the exploit, Intercept X can protect users and the network against an attack that has not hit the mainstream yet, proactively defending against previously unknown malware, ransomware, or more.

Automation is key

Admins can’t be everywhere and watch everything every second of every day, and it only takes seconds for an attack to take hold. Did you know nearly half of organizations report a problematic shortage in trained, capable IT staff? There’s just not enough available talent to keep everyone safe.

But rather than relying on admins to play whack-a-mole with the next great IT security threat, try adding automation to take some of the burden off of already overloaded staff.

Sophos Synchronized Security, for example, improves response time to threats by allowing endpoint and network solutions to talk to each other and share threat intelligence, combining resources, in a way, to identify threats from multiple vectors. And because they’re communicating, when an attack is detected, the infected endpoint is automatically isolated until an admin can take action.

This also resolves a common issue with IT security – you might have trustworthy solutions for endpoint and firewall, but they require separate maintenance and management. Solutions that work side by side save overburdened staff hours upon hours of time, while the solution itself is capable of automated monitoring and lockdown when a threat is detected.

Education – preventing human error

No matter how great your solutions are, though, we all know the most common location where attacks find success: human error. Even savvy end users are susceptible to accidents and slips of attention, and it is a struggle for all admins to try to keep their staff proactively aware of their own internet safety. But with the right training and education, you can create a culture of proactive security to become yet another line of defense against new and emerging threats. Just like we don’t know what the next ransomware or other headline-making threat will look like, neither do we know what sort of tricks or mind-games the bad guys will use to target our end users.

And our end users need our help – did you know that phishing emails are opened at a higher rate than actual marketing or advertising messages? Users are being targeted aggressively by smart attackers, and need help knowing what to look for to keep themselves – and their organizations – safe.

A training option like Sophos Phish Threat can grant some of the basic (and advanced) skills users need to identify when they’re being phished. Those skills are transferable – right now, they may save users from being phished and putting your organization at risk of a ransomware attack, but if your end users are smart, well-educated denizens of the internet, they’ll keep those good browsing habits forever. An educated user is a safer one, proactively doing their part to maintain the security of your network.

If we’ve learned one thing, it’s that we can’t predict exactly what the next big threat will be – but we can prepare for it and be flexible and proactive in how we protect our users, our networks, and ourselves. The right planning, and the right solutions, can make that happen.

Guest blog courtesy of Sophos.