To stop future ransomware hacks, CIOs first need to 'swat the mosquitoes'

All too often IT departments miss the crucial signs of an incoming ransomware attack. What CIOs can do to avoid becoming the victim of the next global malware hack.


Recent coverage of the latest ransomware and phishing attacks makes one thing clear: You’ve got to keep your operating system up to date. But that recommendation, while important, may not get to the root of the problem.

Making sure you’ve got the latest Windows updates prevents the spread of ransomware such as WannaCry, after it’s already infiltrated your company. But it may not prevent you from getting the malicious code on your computer in the first place. 

Think of it this way: imagine if health officials, after discovering that the Zika virus was spreading rapidly across the globe, focused only on human-to-human transmission and never mentioned the mosquitoes that were actually the main cause of its spread.

In the case of the malicious WannaCry hack, reports vary as to the original source; we may never know. But in the majority of infections, the “mosquitoes” are the email messages — specifically, phish or spam — that appear to be a message you’d be interested in from someone you trust, but are in fact fraudulent messages sent by hackers.

Unfortunately, due to the way email works, it’s all too easy to send fake messages that appear to come from someone else. In fact, it’s as simple as putting a bogus name and email address in the “From:” field and pressing “Send.” That’s because when the wizards who first created the Internet initially set up email’s basic protocols, they balanced costs in computing power, implementation, and ease of use against the risk of fraud. At the time, it was nearly inconceivable that more than 85 percent of all email would be malware, phish or spam. So they didn’t include any provisions for authenticating the sender of an email.

Today, if hackers are reasonably talented, they can make the rest of the email look like a realistic message from someone’s boss, or their bank, or their best friend, then add in a few links or an attachment for you to click that will deliver the malware. Given that 91% of reported cyber attacks start with a phish, it would appear that there are plenty of attackers who are talented enough.

This weakness is particularly poignant for cybersecurity experts because most of us know that an increasingly endorsed open standard called email authentication can stop the vast majority of phishing emails in their tracks, and might have prevented the spread of WannaCry. In fact, recent reports in a number of security forums, including the US government’s security response organization (CERT), suggest as much.

Here’s why: email authentication uses a trio of widely accepted Internet standards to ensure that messages really do come from who they appear to come from. When email authentication is enabled, impersonated emails or phish can be identified and blocked so that they never reach the recipient’s inbox, working much like a virtual bouncer holding an approved whitelist of acceptable senders. 

To prevent another attack like this from succeeding, it’s clear that all companies and their employees need to follow a few basic principles.

Essential Steps to Prepare Against the Next Cyber Attack

  1. Ask your IT administrator or ISP to implement email authentication to prevent fraudulent emails. There are three standards, known as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC). To be effective they need to be configured properly and set to “enforce”. If you do this, you and your customers and partners can be certain that emails sent from your company domain are legitimate.
  2. In some email systems, like Gmail, you will see a red question mark icon next to non-authenticated emails. Those emails cannot be verified as legitimate. Be careful with those messages, and double-check with the senders before clicking on any links or opening any attachments in their messages.
  3. Enable spam filters to prevent emails with suspicious content from reaching you.
  4. Install and maintain anti-virus software and conduct regular scans.
  5. Use caution when opening attached files or clicking on links in messages you receive. Be alert for typos or phrasing that seems slightly “off.” Examine the email address of the apparent sender carefully. Hover over links to reveal the destination URL before clicking on anything.
  6. Back up your data regularly, on an automated schedule, and make sure each new backup isn’t overwriting the one before it.
  7. And yes, make sure your operating system is up to date with the latest patches. If there’s an option to auto-update, enable it. And if you’re still using Windows XP, like the National Health Service, it’s time to get rid of it.
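Step 1 hinges on DMARC being not just published but actually set to enforce. The following check, added here as an illustration and not part of the original article, parses a DMARC TXT record and reports whether it enforces or merely monitors; the records and the example.com reporting address are constructed samples, not any real domain's DNS.

```python
# Added example (not from the article): classify a DMARC TXT record by how
# strongly it actually enforces. A published record with p=none looks like
# "having DMARC" but still lets spoofed mail reach inboxes.
# All records below are constructed samples, not real DNS data.

def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record ('v=DMARC1; p=reject; ...') into a tag dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> dict:
    """Return whether the record enforces, plus human-readable findings."""
    tags = parse_dmarc(record)
    findings = []
    if tags.get("v", "").upper() != "DMARC1":
        return {"enforcing": False, "policy": None,
                "findings": ["not a DMARC record (missing v=DMARC1)"]}
    policy = tags.get("p", "none").lower()
    # sp= (subdomain policy) defaults to the p= value when absent
    sub_policy = tags.get("sp", policy).lower()
    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() else 0  # malformed pct: treat as not enforcing
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none leaves subdomains unprotected")
    if pct < 100:
        findings.append(f"pct={pct_raw} applies the policy to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports to spot abuse")
    enforcing = policy in ("quarantine", "reject") and sub_policy != "none" and pct == 100
    return {"enforcing": enforcing, "policy": policy, "findings": findings}


# Constructed sample records: monitor-only, partially enforcing, and fully enforcing.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
PARTIAL_RECORD = "v=DMARC1; p=reject; sp=none; pct=50"
STRONG_RECORD = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for rec in (WEAK_RECORD, PARTIAL_RECORD, STRONG_RECORD):
        print(rec, "->", assess_dmarc(rec))
```

In practice the record comes from a TXT lookup of `_dmarc.<your-domain>`; the same findings apply whether the record is read from DNS or pasted in.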

WannaCry is hardly the first ransomware outbreak, and it certainly won’t be the last. Unfortunately, there are no silver bullets to prevent ransomware with 100% certainty. But one thing’s for sure: these attacks work because too many organizations fail to implement basic cybersecurity, starting with robust, properly implemented email authentication. 

If you’re trying to prevent the spread of Zika, go after the mosquitos that spread the epidemic in the first place. If you’re aiming at eliminating ransomware, start by swatting at unauthenticated emails.

This article is published as part of the IDG Contributor Network.