BlackBerry SVP on post-WannaCry Cybersecurity: Start with the endpoints

By Florian Bienvenu
To help organisations outsmart DDoS, ransomware, and other methods of hacking, the first thing the IT department should do is to understand the cybersec...

To help organisations outsmart DDoS, ransomware, and other methods of hacking, the first thing the IT department should do is to understand the cybersecurity risks associated with not implementing secure solutions.

To protect themselves against WannaCry or any other type of attack, it’s critical that organisations prepare ahead of time. Otherwise, once the system has been infected, there is no realistic way to decrypt all the data without paying the ransom – and even that’s no guarantee.

Once the risks are understood, the second thing organisations need to do is to put in place processes to prevent attacks occurring in the future, in particular ensuring that OS and virus definitions are kept up-to-date. Nearly all complex systems have security vulnerabilities, and many are found months, years or even decades after the software is first released. For example, WannaCry was a specific leveraging of  vulnerability called EternalBlue, which was specifically within the Windows operating system. In order to fix the leak, Microsoft patched a critical security update in March 2016. Therefore, IT administrators should ensure that all Windows machines on the network receive the appropriate patch update.

It’s also essential to back up critical data in a separate location. Ransomware operates on the assumption that companies don’t have data backups; if you do, you can simply restore the data and get back up and running. What makes WannaCry unique is that it’s a self-replicating worm, meaning that it automatically tries to spread to other computers on the same network. Businesses should ensure the backups are properly isolated, either by segmenting the network or using a cloud backup solution. Secure file-sharing solutions offer both options and can help businesses protect files across all major desktop and mobile endpoints.

The expanding number of intelligent connections and endpoints within an enterprise are also exponentially accelerating organisations’ vulnerability. Now, data breaches and cybersecurity threats are some of the biggest roadblocks for enterprises. It is, however, more important than ever that businesses are able to confidentially and reliably transmit sensitive data between endpoints to keep people, information and goods safe. As such, businesses need to secure their network of endpoints rather than focusing on securing their network of computers.  

In order to secure the network of endpoints, organisations need greater simplicity and integration in order to deter threats, and rather than pulling together a patchwork of components and products from different vendors, they must rely on highly trusted suppliers that offer security solutions to meet all their needs. These suppliers should provide an innovative and unified end-to-end solution for the secure management of all endpoints within an organisation.

Finally, in addition to hardening IT infrastructure against intrusion, companies must not forget the importance of education. To prevent vulnerabilities, organisations should educate their employees on security, which regularly proves to be an easy thing to forget.

The more an employee knows about securing their devices, the less at risk they are of experiencing a cyberattack. 

 

Florian Bienvenu is SVP, EMEA, at BlackBerry

Share
Share

Featured Articles

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

TECH LIVE LONDON: Begins tomorrow at 10am!

Our marquee technology event is nearly here. There's still time to claim your free ticket (worth £295). Look forward to welcoming you to the Tobacco Dock!

Executive Q&A: Marc Lueck, CISO EMEA, Zscaler

As we prepare to welcome the Zero Trust leaders to TECH LIVE LONDON this June 23-24, we take the opportunity to chat to Zscaler CISO of EMEA, Marc Lueck

TECH LIVE LONDON: Registering, networking and logistics

Digital Transformation

New speaker from Infosys announced for TECH LIVE LONDON!

Digital Transformation

New speaker from Bernadette announced for TECH LIVE LONDON!

Digital Transformation