Saturday, October 25, 2014

Cryptolocker - why your security software won't stop it

It's not how much you've spent on security products and what you've deployed that really matters when it comes down to threats like Cryptolocker. It's HOW you've spent the money and HOW you've deployed these security products.

I have come across a few companies that have been hit by this nuisance. Some have been lucky enough to have backups, while others haven't. Some were able to get back on their feet in a matter of hours, some took days, and some couldn't recover at all. One common thing that I noted was this: all of them had a LOT of security products.

Security products are generally mass-developed for millions of users all around the world by security software companies. They are, in most cases, off-the-shelf products that anyone can buy and then deploy in their network(s). Once a product is up and running, its day-to-day management is the owner's role and responsibility. This is where things start going downhill.

Every network is different, and this is why every network has different security needs. In this industry, simply put, one product never fits all. You could buy the best security solution out there, but you still need to make sure that it is, one, deployed the right way on your network and, two, managed correctly, every day. This is where you will fail. Guaranteed. Not today, not tomorrow, but one day you will. Why? Simple - it is not your job to do ALL of that! There are people who do that for a living and are really good at it because it's their job. That's all they do.

You need to get people who specialize in security architecture and auditing on your side. You need these guys to set up your security infrastructure and then keep an eye on it. At the end of the day, you could have a really great security setup, but if your staff is not educated on a regular basis on how to keep security in mind all the time, it's only a matter of time before one of them plugs in that USB.

To wrap it up, I think the very important thing to know here is that all security products today, be they firewalls, AVs, IPSs etc., come with great features and are on top of most things malicious, BUT we need to tweak, modify or downright change a few things around in order to best utilise them for our network. Once that is done, we need to make sure people in our organisation are aware of what's happening around them and are careful at all times.