Beyond improving their patch management practices, organizations must take other critical steps to avoid falling victim to ransomware attacks, such as the recent WannaCry campaign, says security expert Doug Copley.
Copley, an independent security consultant and former CISO, says in an interview with Information Security Media Group that key steps include investing in enhanced malware detection technology, pinpointing where valuable data resides so it can be protected and restored, updating data backup capabilities, and staying well-informed about the latest threats. That last step proved particularly valuable in the wake of the WannaCry attacks, he says.
"One of the challenges that organizations have is the frequency of patching, but also getting the right information on the vulnerabilities," he notes. "In the case of WannaCry, it's having processes in place to communicate with industry sharing groups, like the Multi-State ISAC [Information Sharing and Analysis Center] or the National Health ISAC so that you're getting timely information."
In the aftermath of the recent ransomware attacks, Copley says, "active communication with the ISACs was critical because what that allowed organizations to do was understand how that malware was functioning and that there were a couple paths organizations could've taken to stop the malware from actually activating."
The sophisticated WannaCry ransomware attacks highlight the need for more advanced approached to malware detection, including technologies that use machine learning and artificial intelligence "to try to detect malware and prevent it from spreading," Copley says.
In the interview, Copley also discusses:
- Tips for improving patch management;
- Mitigating ransomware risks to medical devices.
- Threats posed by attacks involving Adylkuzz, cryptocurrency miner software, which exploits the same Windows vulnerabilities exploited by WannaCry.
Copley, an independent consultant, has 25 years' experience in IT, information security and data privacy. He was most recently deputy CISO as well as a security and privacy strategist at security vendor Forcepoint, formerly known as Raytheon|Websense. Copley is the founder and past chairman of the Michigan Healthcare Cybersecurity Council. He also previously served as IT director and CISO for Beaumont Health, senior compliance director and chief privacy officer for Ally Financial, and global information security manager for Ford Motor Co.