MRWA Today, Spring 2021, Page 35
Even so, there are vulnerabilities, mostly human error, which means constant security awareness training is critical.

Hacking Has Come a Long Way: The Email Attack Vector

Hackers are very professional. Long gone are the days of broken English and misspelled words. Especially in the case of spear phishing attacks, the techniques are very refined. The criminals learn about an organization and then use tactics such as sending an email that looks like it is from the executive director authorizing a $50,000 wire transfer. To defend against it, begin with six layers: security awareness training; email authentication with Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC); spam filters; DNS filters; Endpoint Detection and Response (EDR); and ransomware-proof backups. Together these layers can completely stop an attack attempt, or at least mitigate it.

Again, it cannot be stressed enough: everyone in an organization must have security awareness training, and leaders must make sure to create and encourage a security-first environment. Though it may seem like a hassle, the time has come to accept the reality and be prepared for the inevitable.

Everyone that has access to any kind of computer or device that is on a network must have security awareness training. Continuously. No one is exempt.

Building a Security Toolbox that Works

A best practice is to publish SPF, DKIM, and DMARC records in DNS for the utility's domain, with the water utility's cybersecurity expert holding access to both the email system and the domain's DNS. These three tools help ensure email flow is authentic: SPF lists which servers are allowed to send mail for the domain, DKIM signs outgoing mail so a receiver can verify it was not altered, and DMARC tells receivers what to do with mail that fails those checks and where to send reports. This has become part of the national strategy over the past couple of years and now private industry is starting to adopt it.

The job of a spam filter is to trap hundreds of emails with potentially malicious attachments; it is a first line of defense when it comes to a ransomware attack. Once criminals have access to the network, a common implementation is for the malware to "phone home" to a server the criminals control to obtain an encryption key. Then it begins file encryption on the target, and tests to make sure that it is going to be able to decrypt the files once the victim pays the ransom. Ironically, distributors of malware have good customer service. Some actually have 800 numbers and use screen-sharing support to help make sure the victim's files get decrypted, and offer assistance with ransom payment using Bitcoin, View Cash, or other methods.

In addition to a spam filter, a DNS filter that blocks lookups of known-malicious domains will trap that "phone home" request, and the files will never get encrypted because the malware never got the key. (Not every ransomware family depends on that step; some generate their keys locally, which is why the layers that follow still matter.) Antivirus tools such as Windows Defender will catch known Trojans, but against new malware that is just not enough. This is where an EDR comes in. Say the spam filter lets the email through, SPF, DKIM and DMARC do not flag it, the security training fails, the DNS filter does not block the key request, and the antivirus fails. The savior here is EDR, which uses behavioral analytics and artificial intelligence to judge whether the commands a process issues fit normal and expected behavior.

This is a different way to look at security. In the past the user was assumed to understand things like phishing attacks and to be diligent about handling email attachments. At the same time, macros were assumed not to be malicious. That is not true today, and so an EDR tool fills the gap by looking at the behavior on the computer. If someone opens the file attachment, the EDR sees Word being opened, which it recognizes as normal behavior, but then it sees the macro calling the Windows encryption service and a red flag goes up. Now the EDR knows that this is not normal behavior and freezes the process before file encryption begins. It will continue to do so as long as the attack is active. Ransomware that moves laterally not only attempts to encrypt everything it can reach on the network, it also tries to spread itself to other machines.

Orchestrating Prevention and Solutions

The complexity of these attacks builds the case for security designed to bend but not break, allowing time to orchestrate mitigation.

All of the tools available are useless without the orchestration: properly assessing the risk, having the technical tools at the ready, plus understanding administrative, technical, and physical controls. The best-case scenario is a security provider with multiple vendors and best-of-breed products, practices, and policies.

In the final analysis, whether a water utility decides to handle security in-house or outsource it, it needs both a management- and policy-driven remote access strategy and the ability to monitor the hardware devices on its network and analyze the logs to see if they are showing any abnormal behavior.

About the Author

Tom Kirkham is founder and CEO of Kirkham.IT. Most recently Tom founded IronTech Security to focus on cybersecurity defense systems for rural water utilities among other industries. IronTech focuses on educating and encouraging organizations to establish a security-first environment with cybersecurity training programs for all employees to prevent successful attacks. Tom brings more than three decades of software design, network administration, and cybersecurity knowledge to the table. During his career, Tom has received multiple software design awards and founded other acclaimed technology businesses. He is an active member of the FBI's Arkansas InfraGard Chapter and frequently speaks about the latest in security threats.
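The email authentication layer described under "Building a Security Toolbox that Works" (SPF, DKIM and DMARC published in DNS), as an added worked example that is not part of the original article: a Python script that audits a domain's records for the settings that still let spoofed mail through, checking a constructed weak zone against a hardened one. The domain example.com, the mail provider include, the selector names and the placeholder DKIM key are assumptions made for the example.

```python
"""Audit a domain's SPF, DKIM and DMARC records for the gaps that let spoofed
mail through. Added example; the zones below are constructed, not real records,
and example.com, mailprovider.example and the selector names are assumptions."""


# Constructed TXT records keyed by DNS name. In practice you would fetch these
# with `dig TXT _dmarc.example.com` (or a DNS library) instead of hard-coding.
WEAK_ZONE = {
    "example.com": "v=spf1 include:_spf.mailprovider.example ~all",   # softfail only
    "_dmarc.example.com": "v=DMARC1; p=none",                          # monitor only
    # no DKIM selector published at all
}

HARDENED_ZONE = {
    "example.com": "v=spf1 include:_spf.mailprovider.example -all",   # hard fail
    "_dmarc.example.com": ("v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; "
                           "adkim=s; aspf=s"),
    # placeholder key, not a real RSA public key
    "mail._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY",
}


def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC/DKIM record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_spf(zone, domain):
    record = zone.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        return ["SPF: no record, so any host may send mail as " + domain]
    # The 'all' mechanism decides what happens to senders no earlier term matched.
    all_term = next((t for t in record.split()
                     if t.lstrip("+-~?").lower() == "all"), None)
    if all_term is None or all_term[0] in "+a":
        return ["SPF: 'all' is missing or +all, so the record rejects nothing"]
    if all_term[0] in "~?":
        return [f"SPF: {all_term} is soft/neutral, so unauthorized senders are not rejected"]
    return []


def audit_dkim(zone, domain, selectors=("mail", "default", "selector1")):
    """Look for a signing key under the selectors this example assumes are in use."""
    for sel in selectors:
        tags = parse_tags(zone.get(f"{sel}._domainkey.{domain}", ""))
        if "p" in tags:
            # RFC 6376: an empty p= means the key has been revoked.
            return [] if tags["p"] else [f"DKIM: selector {sel} publishes a revoked key"]
    return ["DKIM: no public key found under the expected selectors, so signatures cannot verify"]


def audit_dmarc(zone, domain):
    tags = parse_tags(zone.get("_dmarc." + domain, ""))
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: no record, so receivers take no action on SPF/DKIM failures"]
    findings = []
    policy = tags.get("p", "none").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("DMARC: p=quarantine sends spoofed mail to spam instead of rejecting it")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so aggregate reports are never collected")
    if int(tags.get("pct", "100")) < 100:
        findings.append(f"DMARC: pct={tags['pct']} applies the policy to only part of the mail")
    return findings


def audit_zone(zone, domain):
    """All findings for one domain; an empty list means the three layers are in place."""
    return audit_spf(zone, domain) + audit_dkim(zone, domain) + audit_dmarc(zone, domain)


if __name__ == "__main__":
    for label, zone in (("weak", WEAK_ZONE), ("hardened", HARDENED_ZONE)):
        print(label, audit_zone(zone, "example.com") or ["OK"])
```

The weak zone is what many organizations publish after a first pass: SPF with `~all`, DMARC at `p=none`, and no DKIM key, which means a receiver verifies nothing and rejects nothing. The hardened zone moves to `-all`, `p=reject` with a reporting address, and a published selector; run the audit against a domain's real TXT records before trusting that the "email flow is authentic" layer is actually doing work.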
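The EDR behavior the article describes (Word being opened is normal, Word calling the Windows encryption service is not, and the process is frozen before files are encrypted), as an added example that is not part of the original article or of any vendor's product: a small rule engine in Python replayed over constructed endpoint telemetry. The event format, process names, paths, thresholds and the extra "mass rename" rule for the spreading stage are assumptions made for the example.

```python
"""Rule-based behavioral detection over a constructed endpoint telemetry stream,
in the spirit of the EDR step the article describes. Added example: the rules,
thresholds, event format, process names and paths are assumptions, not any
product's logic."""
from collections import defaultdict

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
CRYPTO_APIS = {"cryptencrypt", "bcryptencrypt", "ncryptencrypt"}
SUSPECT_EXTS = (".locked", ".encrypted", ".crypt")
MASS_WRITE_THRESHOLD = 5    # this many renamed-extension writes ...
MASS_WRITE_WINDOW = 10.0    # ... inside this many seconds trips the rule

# Constructed telemetry: (timestamp_s, pid, image, event, detail).
TELEMETRY = [
    # The article's macro path: Word opens an attachment, then calls the crypto API.
    (0.0, 100, "WINWORD.EXE", "process_start", "parent=OUTLOOK.EXE"),
    (0.5, 100, "WINWORD.EXE", "file_open", r"C:\Users\amy\Downloads\invoice.docm"),
    (0.6, 100, "WINWORD.EXE", "file_write", r"C:\Users\amy\Downloads\~$invoice.docm"),  # normal lock file
    (1.0, 100, "WINWORD.EXE", "api_call", "CryptEncrypt"),
    (1.1, 100, "WINWORD.EXE", "file_write", r"C:\Users\amy\Documents\rates.xlsx.locked"),
    (1.2, 100, "WINWORD.EXE", "file_write", r"C:\Users\amy\Documents\board-minutes.docx.locked"),
    # A legitimate archiver using the same API: not an Office app, so no alert.
    (2.0, 400, "7z.exe", "api_call", "CryptEncrypt"),
    (2.1, 400, "7z.exe", "file_write", r"C:\Backups\scada-config.7z"),
    # Spreading stage: an unknown binary encrypting a share, caught only by the mass-rename rule.
    (3.0, 300, "svc_update.exe", "file_write", r"\\FILESRV\Ops\pump1.pdf.locked"),
    (3.5, 300, "svc_update.exe", "file_write", r"\\FILESRV\Ops\pump2.pdf.locked"),
    (4.0, 300, "svc_update.exe", "file_write", r"\\FILESRV\Ops\pump3.pdf.locked"),
    (4.5, 300, "svc_update.exe", "file_write", r"\\FILESRV\Ops\pump4.pdf.locked"),
    (5.0, 300, "svc_update.exe", "file_write", r"\\FILESRV\Ops\pump5.pdf.locked"),
    (5.5, 300, "svc_update.exe", "file_write", r"\\FILESRV\Ops\pump6.pdf.locked"),
]


def detect(events):
    """Replay events in time order. Returns (alerts, blocked_writes, allowed_writes).
    A pid that trips a rule is 'terminated': its later events are dropped, which is
    the freeze-before-encryption the article describes."""
    alerts, terminated = [], set()
    recent_writes = defaultdict(list)   # pid -> timestamps of suspicious-extension writes
    blocked = allowed = 0
    for ts, pid, image, event, detail in sorted(events):
        image = image.lower()
        if pid in terminated:
            if event == "file_write":
                blocked += 1
            continue
        reason = None
        if image in OFFICE_APPS and event == "api_call" and detail.lower() in CRYPTO_APIS:
            reason = f"{image} (pid {pid}) called {detail}: Office documents do not encrypt files"
        elif event == "file_write":
            if detail.lower().endswith(SUSPECT_EXTS):
                recent = [t for t in recent_writes[pid] if ts - t <= MASS_WRITE_WINDOW]
                recent.append(ts)
                recent_writes[pid] = recent
                if len(recent) >= MASS_WRITE_THRESHOLD:
                    reason = (f"{image} (pid {pid}) wrote {len(recent)} files with a "
                              f"ransomware extension in {MASS_WRITE_WINDOW:.0f}s")
            if reason:
                blocked += 1
            else:
                allowed += 1
        if reason:
            alerts.append((ts, pid, reason))
            terminated.add(pid)
    return alerts, blocked, allowed


if __name__ == "__main__":
    found, stopped, passed = detect(TELEMETRY)
    for ts, pid, reason in found:
        print(f"t={ts:.1f}s ALERT {reason}")
    print(f"{stopped} writes blocked after termination, {passed} writes allowed")
```

The two rules fail in different ways, which is the practical point: the crypto-API rule stops Word before a single document is touched, while the rate-based rule on an unknown binary only fires after four files on the share are already encrypted, and a slower attacker could stay under the threshold entirely. That gap between "detected" and "undamaged" is why ransomware-proof backups are the article's last layer rather than an optional one.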