View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 12, 2018updated 14 Feb 2018 12:33pm

Celebrate the Patch this Clean Up Your Computer Day

Organisations and those with home computers all need to ensure that their hard drives are running smoothly, and that software is updated and old programs removed.

By James Nunns

February 12th is ‘Clean Up Your Computer Day’. This important awareness day promotes both clean hardware and clean software within the organisation and at home.

In its most simplistic form, this is a good opportunity for organisations to remind their employees to carry out important computer maintenance, such as physically wiping down their computers, which usually falls by the wayside. More critical in today’s security threat landscape is ensuring that all software is also “clean”.

Organisations and those with home computers all need to ensure that their hard drives are running smoothly, and that software is updated and old programs removed.

Basic IT health checks should be top of Security teams’ agendas this Clean Up Your Computer Day as well as at regular intervals throughout the year. This is particularly poignant seeing as a recent report from the OTA (Online Trust Alliance) found that there were 159,700 total cyber incidents in 2017. Furthermore, 7 billion records were exposed in the first three quarters of the year, and the financial impact of ransomware was $5 billion. Worryingly, 93% of breaches that occurred in 2017 could have been prevented by following basic security best practices such as implementing patching software. This demonstrates that despite the onslaught of high profile attacks that took place, organisations still aren’t recognising the value in being able to patch quickly and comprehensively.

Beyond patching it is also a good idea to ensure hardware drivers are up to date.  There are many hardware vulnerabilities coming up now as well and updating firmware is required to plug these vulnerabilities. For infosec professionals, leveraging awareness days such as this one is a good way to capture the attention of those who make decisions in your organisation, such as the board.

 

Case & Point: Spectre and Meltdown

2018 started with a bang when the CPU vulnerabilities known as Meltdown and Spectre were discovered by independent researchers using multiple proof-of-concept examples of the attack methods. This may feel like déjà vu for many security pros as the start of 2017 saw the Shadow Brokers disclosing the SMB exploits that later led to many global cyber security events. Meltdown and Spectre have stood out as particularly far-reaching vulnerabilities – if you looked at the CERT KB you would have seen the list of affected vendors, which was pretty much everyone.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Promising recent research has identified that while 139 malware samples related to Meltdown and Spectre have been identified, there have not been any widespread publicly disclosed malware attack campaigns using the vulnerabilities. While this is great news, we also should not delay in investigating rollout of fixes. Mitigating updates have been released by hardware vendors and software vendors alike, but there have been many issues found in the updates released as well. Intel has had to pull some updates as they were causing issues or didn’t properly mitigate the vulnerabilities. Likewise OS updates from Microsoft have had a few issues, from conflicts with AV vendors (as a result of those vendors’ methods of interfacing with the Kernel) to random reboots after applying updates and turning on mitigation features.

My recommendation is to not delay testing of firmware, OS, and software updates, but to approach with more testing and caution than normal, as there are fundamental changes to interactions with the Kernel which have been proving to be problematic for vendors. Also keep watching for additional updates as it seems we are far from done with these vulnerabilities.

 

Back to Basics

The current landscape is in essence a lethal petri dish of cyber attackers, some of whom are more skilled than others, but all of whom have access to exploit kits available online. These kits include pre-written exploit code, and criminals will often even have access to support and updates, just like legal commercial software. Combine that with the online availability of sophisticated tools that were originally intended for cyber espionage, and you have an idea of how deadly the cyber threatscape out there today is.

Organisations should always be prepared by embracing a layered approach to security, and one that makes full use of the power of the patch – patching won’t protect against everything but it’s still the most important step in a cybersecurity defence plan. If organisations can’t patch—because they’re running legacy systems, for example, or they have concerns that patching will break something in their environment—they then need to block the applications that don’t get patched with tools like application whitelisting and privilege management. Regardless of how or where a user accesses their desktop, it’s essential they receive only the authorised apps they need to be productive.

There are other layers to your cybersecurity defences to consider. User education is vital to preventing those initial—potentially malware-laden—phishing emails from getting in, while regular backups (including off network, to protect against ransomware) will mitigate the risk of data loss. Correctly configuring Windows firewalls can also help to halt the spread of ransomware within the organisation. However, patching and application control should be first on the list for all organisations looking to fortify their organisation against attack—and can go a long way toward reducing an attack surface, enabling businesses to take on the attacks that do get through, even with limited resources in place.

So, “cleaning up your computer” isn’t as simplistic as it initially appears, but in fact promotes business critical processes that could protect your organisation against the next WannaCry or NotPetya.

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU