Prevention is better than cure, which is why it’s vital for organisations to build a proactive security strategy

Ransomware attacks are incredibly stressful. Unlike previous strains that were opportunistic and small in scope, modern ransomware targets entire organisations using sophisticated tactics to encrypt, destroy and steal data with little chance of recovery.

As organisations step back and review processes, people and technology for the post-Covid world, it’s crucial to also consider the security measures in place.

Creating a security-aware team

People are a critical line of defence for businesses, and the way colleagues respond to security challenges can be the difference between ongoing resilience and a damaging cyber-attack.

Minimising risk

Having robust controls in place and limiting access to business networks wherever possible can help reduce an attacker’s chances of breaching corporate systems.

Maintaining visibility over your IT estate

To ensure any ransomware attacks are managed and swiftly resolved, it’s crucial to keep logs and backups of critical services, files and networks. This includes logging events into a Security Information and Event Management (SIEM) system and storing this information for at least 90 days.

Ransomware is a profitable crime, so threat actors will continue to develop new ways to successfully
target organisations. As such, it’s highly likely that even more devastating attacks will occur in future using a combination of new and existing techniques, potentially including a self-propagating strain like EternalGlue and human deployment.

A leading university enlisted us to validate its cybersecurity posture

After we identified multiple improvements needed to bring the organisation’s security to the required standard, we were enlisted to design a comprehensive security package including a Managed Detection and Response (MDR) solution. The university was supporting essential research into Covid-19 and required assurance that its solution was fully secure, so the engagement was time critical. During this time, they were a prime target for a data breach due to Covid data being so valuable.

Challenge

With 30,000 students across six faculties, the challenge was considerable. From previous experience in the public sector, we have learnt that securing public bodies is more complicated than other sectors.

Student bodies’ liberal expectations of information sharing need balancing with requirements to protect the university’s extremely valuable IP. A nuanced, segmented approach to risk is required. Frequently with large organisations with a user base with high turnovers, a fundamental security requirement was an accurate understanding of the enterprise deployment which could be digested by security teams.

Once baselined, the next priority was to implement a solution that could identify malicious activity at the earliest possible stage and accurately report incidents so that effective remediation could be conducted. A solution that worked equally well for on-prem and cloud architectures was also required, as the customer operates an enterprise that draws on both designs.

Solution

We designed a multi-layered solution, including an MDR suite incorporating SIEM, endpoint and network detection with a unifying service wrap centred on a SOC facility. Under our project management, the full service was deployed progressively.

The specific requirement to deploy a full network discovery and access control solution had not been delivered in the managed service model previously. However, we developed the service at pace, implementing a working solution in tandem with the other elements of MDR.

In today’s complex and ever shifting ransomware landscape, taking positive steps to protect your infrastructure can make a tangible difference. To find out more about how we can strengthen your organisation’s defences and help you build a security strategy fit for the new normal, speak to our team.


0131 557 7650 response@nccgroup.com www.nccgroup.com


Partner Content in association with NCC Group