More stories

  •

    FireEye posts record revenue in Q4

    Security firm FireEye on Tuesday reported record revenue for the fourth quarter and the full fiscal 2020. The strong results follow FireEye’s disclosure in December that it was the target of a massive international cyber espionage campaign. 
    “We continue to transform our business and believe we are well-positioned as organizations shift to intelligence-led security focused on security effectiveness,” CEO Kevin Mandia said in a statement. 
    Earnings for the quarter came to 12 cents per share on revenue of $248 million, an increase of 5 percent from the fourth quarter of 2019. 
    Wall Street was expecting earnings of 10 cents per share on revenue of $240.01 million. 
    “Our record fourth quarter and 2020 results demonstrated that we are gaining momentum in our Platform, Cloud Subscription, Managed Services and Professional services categories,” Mandia said. 
    The combined revenue from those two categories (platform, cloud subscription and managed services on one side, professional services on the other) accounted for 55 percent of total revenue in 2020. 
    Annualized recurring revenue came to $638 million, an increase of 8 percent from Q4 2019. Platform, cloud subscription and managed services annualized recurring revenue totaled $340 million, an increase of 20 percent from Q4 2019. 

    The company in Q4 introduced its Mandiant Advantage SaaS platform. 
    “Our vision is to become a seamless extension of our customers’ security operations by delivering our threat intelligence and expertise gained on the frontlines through the Mandiant Advantage platform,” the CEO said. 
    For the first quarter of fiscal 2021, FireEye expects non-GAAP net income of between 5 cents and 7 cents per share, on revenue of between $235 million and $238 million.


  •

    Singapore assessing WhatsApp privacy policy change, not 'adversely affected' in SolarWinds breach

    Singapore has yet to see significant impact from the SolarWinds security breach on its critical information infrastructures (CIIs) or government systems, but has urged organisations to safeguard their systems against potential threats. It also is looking into concerns related to upcoming privacy policy changes on WhatsApp, which is amongst the messaging platforms the government uses to push information to the local population. 
    When news about the SolarWinds security breach broke, Singapore’s Cyber Security Agency (CSA) raised the national cyber threat alert level and worked with the country’s CII sectors to assess and monitor systems here, said Minister for Communications and Information S. Iswaran. 
    Noting that the attack was sophisticated and evaded detection for months, he said the breach was particularly “noteworthy” since the SolarWinds software was part of the network control and management infrastructure and, hence, was trusted and had privileged access to internal networks.


    “There is no indication, thus far, that Singapore’s CII and government systems have been adversely affected by the SolarWinds breach,” said Iswaran, who was responding to questions raised in parliament Tuesday. “The government is, nonetheless, adopting a cautious stance.”
    He said CSA had issued public advisories on steps enterprises should take to safeguard their systems against potential threats, including having full visibility of their networks and detecting unusual activity in a timely manner. He added that the situation still was evolving as affected companies continued to investigate the breach. 
    Hackers involved in the attack were believed to be acting for the Russian government and had deployed a malware-laced update for SolarWinds’ Orion software, infecting the networks and compromising sensitive data of several US government agencies and Fortune 500 companies, including the US Treasury Department, Microsoft, and FireEye.
    Iswaran said the attack highlighted the need to move towards a Zero Trust security posture, where activities should not be trusted until they were verified and there was constant monitoring and vigilance for suspicious activities. This also encompasses compartmentalising and restricting access to various segments within the network, validating transactions across segments, reconciling any escalation of user privileges, and actively hunting for threats.

    In addition, organisations should establish cyber incident response plans to deal with situations in which they were breached in an attack, he said. 
    “The SolarWinds incident underscores the global and trans-border nature of cyber threats,” the minister said. “Though difficult to completely prevent, we need deliberate, targeted, and consistent efforts to strengthen our cyber defences against [such] sophisticated threats, which exploit the supply chain of trusted vendors and software.”
    Government’s WhatsApp channel has 1.22M subscribers
    Iswaran also responded to questions with regards to WhatsApp’s upcoming privacy policy changes, revealing that the government was “looking into concerns” raised by consumers. 
    WhatsApp in recent weeks had begun pushing notifications to users about an update to its privacy statement, noting that they would have to accept the changes after February 8 in order to continue using the messaging platform or, otherwise, delete their account. Its previous policy had allowed users to opt out of most data-sharing with Facebook. 

    The news prompted many to seek out alternatives, fuelling downloads in particular for Signal and Telegram. The public outcry was enough to convince WhatsApp to delay the policy change to May 18 and force Facebook to issue several clarifications about the update.
    It said the policy changes were related to how organisations used the messaging app and would not affect the privacy of users’ messages. “This update includes changes related to messaging a business on WhatsApp, which is optional, and provides further transparency about how we collect and use data,” it said in an FAQ.
    According to Iswaran, there currently were 1.22 million subscribers to Singapore’s Gov.sg WhatsApp channel, which was amongst several platforms it used to communicate with the public. These included Telegram, Twitter, as well as its own Gov.sg website, he said, adding that these platforms were tapped for broadcasts of “non-classified and publicly available information”. 
    Noting that communication of classified data through commercial messaging platforms was prohibited, the minister said the Singapore government had rules on the use of such applications. These rules were independent of changes to the terms and privacy policies of messaging platforms, including WhatsApp, he added. 
    “Private-sector organisations contracted by the government to perform data-related activities, including the processing and communication of personal data, are bound by contractual terms and conditions. These will determine whether organisations are permitted to share, for their own commercial purposes, the data that has been provided by, or collected on behalf of, the government,” he explained.
    “Depending on the nature of the data involved, organisations may also have to comply with the data protection requirements in the Personal Data Protection Act and adhere to the Official Secrets Act,” he said. “Private-sector organisations that use WhatsApp as a business communications tool should be aware of the changes, and review their data protection policies and contracts with third parties to ensure they continue to align with the requirements under the PDPA.”
    He said the Personal Data Protection Commission was “engaging” WhatsApp with regards to the latter’s updated privacy policy and sharing of personal data with Facebook. 

  •

    Google funds project to secure Apache web server project with new Rust component

    Google is funding a project at the Internet Security Research Group to port a crucial component of the Apache HTTP web server project from the bug-prone C programming language to a safer alternative called Rust.


    The module in question is mod_ssl, which handles the TLS operations needed to establish HTTPS connections on an Apache web server and is built on top of the OpenSSL library.
    The ISRG says it plans to develop a new module called mod_tls that will do the same thing but using the Rust programming language rather than C.
    The module will be based on Rustls, an open-source TLS library written in Rust and developed as an alternative to the C-based OpenSSL.
    To lead this work, the ISRG has contracted Stefan Eissing, founder of the software consultancy Greenbytes and one of the Apache HTTP Server code committers.
    ISRG hopes that once the work is finished, the Apache HTTP web server team will adopt mod_tls as the default and replace the ageing, C-based mod_ssl.
    A quick way of securing billions of users
    According to W3Techs, the Apache HTTP web server is today’s top web server technology, used today by 34.9% of all the websites whose web server technology is known.

    “Apache httpd is still a critically important piece of infrastructure, 26 years after its inception,” said Brian Behlendorf, one of the Apache web server creators.
    “As an original co-developer, I feel a serious revamp like this has the potential to protect a lot of people and keep httpd relevant far into the future.”
    Over the past few years, Rust has become one of the most beloved programming languages around [1, 2].
    Originally sponsored by Mozilla, Rust was designed as a safer low-level, general-purpose programming language and an alternative to C and C++.
    Unlike C and C++, Rust was designed as a memory-safe programming language: its compiler enforces ownership, lifetime and bounds rules that rule out the memory-management bugs (buffer overflows, use-after-free, data races) that often result in dangerous security flaws. That guarantee applies to safe Rust; code inside unsafe blocks and calls across the FFI boundary into C libraries still need the same scrutiny as C.
    Memory-safety vulnerabilities have dominated the security field for the past decades and have often led to issues that can be exploited to take over entire systems, from desktops to web servers and from smartphones to IoT devices.
    Microsoft said in 2019 that the percentage of memory safety issues patched in its software had hovered around 70% of all security bugs for the past 12 years.
    In 2020, Google echoed the same number when the Chrome team said that 70% of the bugs patched in its web browser were also memory-related issues.
    Both Google and Microsoft are currently running experiments with Rust in Chrome and Windows respectively. Microsoft has gone further in its recent experiments and created a Rust-inspired research language called Verona, which it recently open-sourced on GitHub.
    With such statistics from both Google and Microsoft, and with nearly two-thirds of all websites now redirecting to HTTPS, replacing Apache’s mod_ssl with a Rust implementation is a comparatively contained change that removes a whole class of bugs from code that handles every TLS handshake, which is why ISRG sees it as a fast way of keeping billions of users safe in the coming years.

  •

    Ransomware gangs made at least $350 million in 2020

    Ransomware gangs made at least $350 million in ransom payments in 2020, blockchain analysis firm Chainalysis said in a report last week.
    The figure was compiled by tracking transactions to blockchain addresses linked to ransomware attacks.
    Although Chainalysis possesses one of the most complete sets of data on cryptocurrency-related cybercrime, the company said its estimate was only a lower bound on the true total, because not all victims disclosed their ransomware attacks and subsequent payments last year; the real total is likely many times larger than what the company was able to trace.
    Ransomware was 7% of all cryptocurrency-based crime
    Even at that conservative figure, Chainalysis says ransomware was clearly on the rise.
    According to numbers released in a previous report, ransomware payments accounted for 7% of all funds received by “criminal” cryptocurrency addresses in 2020.
    The number rose 311% compared to 2019, Chainalysis said, blaming this sudden increase on “a number of new strains taking in large sums from victims” and “a few pre-existing strains drastically increasing earnings.”


    Based on the company’s data, among last year’s top earners, there were groups like Ryuk, Maze (now-defunct), Doppelpaymer, Netwalker (disrupted by authorities), Conti, and REvil (aka Sodinokibi).
    Other strains, such as Snatch, Defray777 (RansomExx) and Dharma, also pulled in profits estimated in the millions of US dollars.

    Chainalysis said that, based on how victims paid their ransoms and how certain RaaS (ransomware-as-a-service) profits spiked and fell, there is evidence that the ransomware scene is formed of far fewer threat actors than initially believed, with many affiliates constantly switching from one RaaS to another as they are lured by better deals.
    Few exit points open the door for law enforcement disruption
    Chainalysis also tracked how crooks moved the ransom payments through the blockchain.
    Its findings weren’t too different from previous years: criminals usually laundered funds through “Bitcoin mixing” services and then sent them to both legitimate and high-risk cryptocurrency exchanges to convert them into fiat currency.
    But the Chainalysis team also confirmed a report from Advanced Intelligence published last month, which found that ransomware gangs often use these same funds to pay for other cybercrime services.
    Chainalysis says it, too, saw payments being made to bulletproof hosting providers, exploit sellers and criminal “penetration testing” services (in practice, initial access brokers who sell footholds into already-compromised networks), as ransomware operations dealt with their “suppliers.”
    However, the primary finding of this report was that many of these cybercrime operations, and not only ransomware, often reused the same intermediary money laundering services.
    “Instances of overlap in money laundering services is important information for law enforcement, as it suggests they can disrupt the activity of multiple strains — in particular, their ability to liquidate and spend the cryptocurrency — by taking one money laundering operation offline,” the Chainalysis team said.
    Furthermore, the same tactic could be applied to crypto-exchanges, the points where most of the ransomed funds exit the blockchain.
    Chainalysis said that a group of only five exchange portals received 82% of all ransomware funds in 2020, exchanges where law enforcement could apply pressure in the future to disrupt the crucial cash flow of ransomware operations.
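    The two findings above, how concentrated the exit points are and which laundering intermediaries several strains share, are both simple aggregations over a table of traced flows. The following is an added illustration, not Chainalysis code or data: the strain names, service names and amounts are constructed, and the functions show the shape of the analysis (volume concentration among exchanges, laundering services shared across strains, and what one takedown would touch) rather than any real figures.

```python
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    """One traced ransom payment: strain -> laundering service -> exchange."""
    strain: str
    btc: float
    laundering: str  # mixer or other intermediary (constructed name)
    exchange: str    # exchange where the funds left the blockchain (constructed name)


# Constructed sample flows for illustration; these are not Chainalysis figures.
FLOWS = [
    Flow("ryuk", 120.0, "mixer-A", "exchange-1"),
    Flow("ryuk", 80.0, "mixer-A", "exchange-2"),
    Flow("conti", 60.0, "mixer-A", "exchange-1"),
    Flow("conti", 40.0, "mixer-B", "exchange-3"),
    Flow("revil", 90.0, "mixer-B", "exchange-1"),
    Flow("revil", 30.0, "mixer-C", "exchange-4"),
    Flow("netwalker", 50.0, "mixer-A", "exchange-2"),
    Flow("dharma", 5.0, "mixer-D", "exchange-5"),
    Flow("snatch", 5.0, "mixer-D", "exchange-6"),
]


def volume_by(flows, field):
    """Total BTC per distinct value of `field` ('laundering' or 'exchange')."""
    totals = defaultdict(float)
    for f in flows:
        totals[getattr(f, field)] += f.btc
    return dict(totals)


def concentration(flows, field, k):
    """Rank entities by ransom volume, largest first, and return the ranking
    together with the share of all traced volume that the top k received.
    This is the 'five exchanges received 82%' style of finding."""
    totals = volume_by(flows, field)
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
    total = sum(totals.values())
    top_share = sum(v for _, v in ranked[:k]) / total if total else 0.0
    return ranked, top_share


def shared_laundering(flows, min_strains=2):
    """Intermediaries used by at least `min_strains` distinct strains: the
    overlap that lets one takedown disrupt several operations at once."""
    users = defaultdict(set)
    for f in flows:
        users[f.laundering].add(f.strain)
    return {svc: sorted(s) for svc, s in users.items() if len(s) >= min_strains}


def disruption_impact(flows, service):
    """What taking `service` offline would touch: the strains that routed
    funds through it and the fraction of traced volume that passed through."""
    total = sum(f.btc for f in flows)
    hit = [f for f in flows if f.laundering == service]
    strains = sorted({f.strain for f in hit})
    return strains, (sum(f.btc for f in hit) / total if total else 0.0)


if __name__ == "__main__":
    ranked, share = concentration(FLOWS, "exchange", 2)
    print(f"top-2 exchanges received {share:.0%} of traced volume: {ranked[:2]}")
    for svc, strains in shared_laundering(FLOWS).items():
        print(f"{svc} is shared by {', '.join(strains)}")
    strains, frac = disruption_impact(FLOWS, "mixer-A")
    print(f"taking mixer-A offline affects {frac:.0%} of volume across {strains}")
```

    On real data the interesting step is the one this sample skips: attributing addresses to a strain or a service in the first place (clustering heuristics and exchange deposit-address labelling), which is where the "lower bound" caveat in the report comes from.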

  •

    GL.iNet Beryl travel router review: Pocket-sized secure router with VPN and Tor

    Pros
    ✓ Small, light and compact
    ✓ VPN and Tor
    ✓ Dual-band Wi-Fi

    Cons
    ✕ Some technical knowledge needed to set up securely

    The GL.iNet Beryl (GL-MT1300) pocket-sized travel router has some great security features in its ultra-portable form factor.

    This router is small at 118 x 85 x 30mm and weighs 184g. Inside, however, there are a lot of useful features that you might need when you are out and about.
    Inside the router, a MediaTek MT7621A dual-core processor runs at 880MHz, with 256MB of DDR3L memory and 32MB of flash storage.
    It is powered by a USB Type-C power supply, has a USB 3.0 port and three gigabit Ethernet ports on the front of the router. Two side antennas fold down for ease of transportation.
    The Beryl comes with dual-band Wi-Fi delivering up to 867Mbps on the 5GHz band and 400Mbps on 2.4GHz. It also supports IPv6.
    The router runs OpenWrt (19.07.4), an open-source operating system based on Linux. Root access lets users customise and optimise the device and install additional packages on the Beryl.

    It has four ways of connecting to the internet: WAN cable; by using the Beryl router as a repeater; by plugging a USB modem into its USB 3.0 port; or by using the port and cable to tether it to your mobile phone.
    If you use the repeater option, you can connect the router to an existing wireless network, for example free Wi-Fi in a hotel or cafe. The router then creates its own subnet and acts as a firewall between your devices and the public network, so other hotspot users cannot reach them directly. Note that the hotspot operator can still see the traffic leaving the router unless you also route it through the VPN or Tor.
    If you have a USB modem, insert your data SIM into the modem and plug it into the router’s USB port; the Beryl then uses it as a 3G/4G uplink. Alternatively, simply tether your mobile phone to the USB port.
    The admin panel is simple to use and allows you to configure internet connection types, configure the Wi-Fi name and change the password from the default, manage and block clients, configure your firewall and applications, and use a VPN.
    You can set up an OpenVPN client to connect to an OpenVPN server, add a certificate for an OpenVPN server, subscribe to a WireGuard server, or set up your own server.
    Beryl supports 30+ OpenVPN and WireGuard VPN services with speeds up to 91Mbps on WireGuard and 21Mbps on OpenVPN.
    The internet kill switch means that all connected clients can only reach the internet through the VPN client on the router: if the tunnel drops, their traffic is blocked rather than silently falling back to the unencrypted uplink.

    Users’ online identity and browsing data could be concealed from surveillance and traffic analysis by using the Tor service. Tor (derived from “The Onion Router”) software helps you to explore the internet anonymously.
    Additionally, encrypted DNS via Cloudflare’s resolver helps to prevent eavesdropping on and manipulation of DNS lookups via man-in-the-middle attacks. The router also supports WPA3, the next generation of Wi-Fi security.
    There is a mode switch on the side of the router that does not seem to do anything initially. However, this switch is fully configurable in the admin panel to toggle VPN or Tor on or off.
    I found the configuration of the GL.iNet Beryl far easier than any of my router repeaters at home, and I was quickly up and running using the router as a repeater. The GL.iNet documentation is comprehensive and easy to follow.
    It took me slightly longer to tether my mobile device to the router — entirely because one of the cables I was using did not enable USB tethering on the phone.
    A quick rummage in my cable boxes meant I found a cable that did work for data transfer and the USB tether became enabled.
    For $69.99, the Beryl travel router is simple to configure and use, it is compact and light, and, once configured, will cope with a lot of simultaneously connected devices.
    If you are out and about and need a secure or anonymous connection, the GL.iNet Beryl could be exactly the router you are looking for.


  •

    Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection

    Agent Tesla malware variants are now using new techniques to try to disable endpoint antivirus protection. 

    On Tuesday, Sophos researchers said that two new variants of the Remote Access Trojan (RAT) are targeting Microsoft’s Antimalware Scan Interface (AMSI), the Windows interface through which applications such as PowerShell and the .NET runtime hand scripts and in-memory content to the installed antivirus for scanning before they run. 
    Agent Tesla operators will now attempt to tamper with AMSI to degrade its defenses and remove endpoint protection at the point of execution. If successful, this allows the malware to deploy its full payload. 
    First discovered in 2014, Agent Tesla is a commercial RAT written in .NET and a well-known information stealer. The malware is often spread through phishing campaigns and malicious email attachments and is used to harvest account credentials, steal system data, and give attackers remote access to a compromised PC. 
    Phishing email samples include package delivery notices, attachments claiming to be catalogs, PPE offerings related to COVID-19, and when used against organizations they may also relate to business-critical issues such as invoicing. 
    Sophos says that the malware, which is under constant development, includes a .NET downloader that fetches malicious code hosted on legitimate websites such as Pastebin, where it is published in base64-encoded and obfuscated form. 
    These “chunks” of codes are merged together, decoded, and decrypted to form the main loader. 

    If AMSI has been successfully disarmed, this loader is then installed and can run without any interference, deploying Agent Tesla in full in order to take screenshots, log keyboard input, steal data saved on clipboards, and grab credentials from browsers, email clients, apps, and more. 
    Other updates to the malware, labelled Tesla 2 and 3, include an increased number of applications on the hit-list for credential theft and enhanced obfuscation, as well as options for operators to use the Tor client and Telegram’s messaging API when connecting to command-and-control (C2) servers.
    Target applications include Opera, Chromium, Chrome, Firefox, OpenVPN, and Outlook.
    “The differences we see between v2 and v3 of Agent Tesla appear to be focused on improving the success rate of the malware against sandbox defenses and malware scanners, and on providing more C2 options to their attacker customers,” the researchers say.
    Criminal clients can also choose to maintain persistence by executing the malware on system starts and can remotely uninstall Agent Tesla if they wish. If another, past version of the malware is detected on the target system and the option to maintain persistence is selected, both versions 2 and 3 will remove it. 
    Sophos says that in December 2020, Agent Tesla payloads accounted for approximately 20% of all malicious email attachments. 

  •

    Ransomware payments are going down as more victims decide not to pay up

    The average ransom paid to cyber criminals following a ransomware attack is falling as more companies become reluctant to give into extortion demands.
    Analysis by cybersecurity company Coveware has found that the average ransom payment paid following a ransomware attack decreased by a third in the final quarter of 2020, dropping to $154,108 from $233,817 during the previous three months.


    The company attributes the drop in the average ransom payment to victims choosing not to give into demands to pay bitcoin in exchange for the decryption key, which the criminals claim will restore the network to working order.
    While it’s positive that a higher percentage of these victims are choosing not to pay cyber criminals, there’s still a large number of organisations that do give in – allowing ransomware to continue to be successful, even if those behind attacks have been making slightly less money. However, it might be enough for some ransomware operators to consider if the effort is worth it.
    “When fewer companies pay, regardless of the reason, it causes a long-term impact, that compounded over time can make a material difference in the volume of attacks,” said a blog post by Coveware.
    The rise in organisations choosing not to give into extortion tactics around ransomware has also led the gangs to change their tactics, as shown by the increase in ransomware attacks where criminals threaten to leak stolen data if the victim doesn’t pay. According to Coveware, these accounted for 70% of ransomware attacks in the final three months of 2020 – up from 50% during the previous three months.

    However, while almost three-quarters of organisations threatened with data being published between July and September paid ransoms, that dropped to 60% for organisations who fell victim between October and December.
    Researchers note that even if the ransom is paid, there’s no guarantee that criminals will delete the data, and instead they may use it for some other malicious purposes, something which organisations might be considering when making a decision over payment.
    And, as cybersecurity companies and law enforcement agencies warn, any payment made following a ransomware attack just motivates the criminals to continue attacks.
    Ransomware also continues to be a success because cyber criminals are able to successfully breach insecure networks in order to lay down the foundations of attacks.
    Phishing emails and exploitation of Remote Desktop Protocol (RDP) are the most common ways ransomware enters networks. While a phishing email relies on a victim opening a malicious document or link to set the attack in motion, RDP doesn’t need anyone in the victim organisation to be involved at all, because attackers can log in to internet-exposed RDP services with leaked or brute-forced credentials.
    In both cases the ransomware gets in because criminals are exploiting weaknesses the organisation could have closed. Applying security patches so that known vulnerabilities can’t be used, and not exposing RDP directly to the internet, go a long way towards stopping malware being executed on the network.
    Using tools like two-factor authentication can help prevent attackers gaining a foothold on the network, because even if they have the right login credentials, it’s much harder to exploit them.
    Meanwhile, regularly updating offline backups also provides organisations that do fall victim to ransomware attacks with a means of restoring the network without rewarding criminals.

  •

    Ransomware gangs now have industrial targets in their sights. That raises the stakes for everyone

    Ransomware attacks are a potential danger for any organisation, with ransomware variants including Conti, Egregor, Maze and many others still successfully compromising victims across all industries – but there are some industries that criminal gangs are targeting more than others.
    The ransomware attacks are successful because many organisations can’t afford for their network to be out of service for a sustained period of time, so many businesses are still taking what they perceive to be the quickest and easier route to restoring the network by giving into the ransom demands of criminals.


    A recent report by cybersecurity company Digital Shadows examined which industries were most targeted by ransomware during 2020. While almost every industry found itself dealing with ransomware gangs over the course of the past 12 months, industrial goods and services was the most targeted, accounting for 29% – or almost one in three – ransomware attacks.
    That number of attacks is more than those on the next three most targeted sectors – construction, technology and retail – combined.
    Manufacturers and infrastructure operators make tempting targets for ransomware attacks because organisations in these sectors need to be in operation around the clock, whether that’s running a factory production line or operating a utilities plant. If they can’t provide these services, there can be wide-ranging impacts further down the supply chain.
    “Industrial organisations will feel more pressure to pay the ransom as periods of inoperability have significant impacts to their customers. This may result in a perception that organizations in this area are more likely to pay a ransom demand compared to organizations in other sectors,” says Jamie Hart, cyber-threat intelligence analyst at Digital Shadows.

    These systems also tend to be in constant use, which creates another problem: operators may be reluctant to take them offline to apply the steady flow of routine software patches needed to protect against the security vulnerabilities that give ransomware gangs access in the first place. That’s if the machines can receive security updates at all, because obsolete, unsupported technology is still common in many industrial environments.
    “Organisations in this vertical are heavily reliant on systems that are outdated and thus require significant efforts to maintain vulnerability management. Additionally, these systems are so vital to the day-to-day operations of these organizations taking them offline for patching is a significant undertaking,” says Hart.
    This reliance on older systems and the need for constant uptime, therefore, makes industrial plants tempting victims for ransomware attacks. For the cyber criminals, it’s all about the money and they’re targeting factories because they know there’s money to be made, potentially against a soft target that will be willing to pay up.
    “Ransoming an enterprise, that’s one thing. Ransoming an industrial plant that has a 15-million-a-day production line that would be affected by downtime, that’s another,” says Rob Lee, CEO and co-founder of Dragos, a company specialising in industrial cybersecurity. “It will be extremely enticing for ransomware operators.”
    Most ransomware will target the PCs and servers on the business network (which is often enough to shut down operations), but some goes further and targets the industrial systems too. A few specialist ransomware operations are looking to take attacks even further in their quest to make money, with variants like EKANS specifically designed to target industrial control systems (ICS).
    The prospect of ransomware encrypting ICS systems in factories is a worrying prospect, but there’s also the potential these gangs could target critical infrastructure and attempt to hold energy, water and other utilities hostage.
    These aren’t products that organisations and individuals could go without for a few days – if a cyber criminal has the ability to shut down the power of a city, the impact is going to be felt far and wide.
    There have been some examples of likely state-sponsored hackers compromising critical infrastructure and tampering with the systems, such as Stuxnet, a malware attack that caused substantial damage to Iran’s nuclear programme by manipulating centrifuge speeds until the machines destroyed themselves.
    There’s also Industroyer, also known as Crashoverride, which caused a power blackout in part of Kyiv, Ukraine, in December 2016.
    Inevitably, where state-backed cyber attackers lead, cyber criminals will follow – as demonstrated by the uptake of leaked NSA hacking tool EternalBlue, which not only helped power destructive attacks like North Korea’s WannaCry campaign and Russia’s NotPetya attack, but was taken up by cyber criminals to distribute ransomware, malware, cryptocurrency miners and other malicious payloads.
    And now cyber criminals are increasingly turning towards targeting industrial control systems as they learn how previous attacks work and attempt to mimic techniques and procedures in ransomware campaigns.
    “We have rising instances of ransomware actors who are more interested in getting into these spaces to the extent of designing very crude, but very concerning techniques such as terminating processes to extend encryption activity,” says Joe Slowik, senior security researcher at DomainTools.
    Ekans ransomware was first documented in early 2020 and is designed to target Windows machines in industrial environments – complete with commands and processes associated with a number of industrial control system-specific functionalities, with the intention of stopping them as part of a ransomware attack.
    It’s a cyber-criminal operation designed purely for financial gain – especially as a utilities provider can’t wait for weeks to restore the network, so could be pushed into paying the ransom in the hope that applying the decryption key solves the immediate problems.
    But encrypting industrial control systems is different to encrypting the network of enterprise business – these systems can control machines that have a physical presence in the world and disruption of these machines could potentially lead to unforeseen consequences. Shutting down a factory is not quite the same as shutting down a PC.
    “A combination of the deliberate intention of trying to hold industrial operations to ransom, as well as the unintentional impact of if you terminate these things in the wrong way, can lead to not just classic ransomware problems but potentially serious implications,” says Slowik.
    Currently, ransomware that targets industrial control systems is still a rare occurrence – even if wider industrial environments still regularly find themselves on the receiving end of ransomware attacks. But in both cases, there are things the organisations can do to minimise the chances of falling victim to a ransomware attack in the first place.
    Unpatched security vulnerabilities can allow ransomware and other malware to enter and propagate around the network, so it’s highly recommended that critical security updates are applied soon after they’re released as they’re there to protect against known vulnerabilities. While it might be painful to briefly disrupt parts of the network to make sure the patches are applied, it’s going to be less painful than falling victim to a cyberattack.
    In addition to this, anything that can’t receive security updates for one reason or another should be segmented from the rest of the network – if it even needs to be outwardly facing the internet at all – to help prevent cyber criminals from using more vulnerable systems as a gateway to the rest of the network.
    Crucially, industrial organisations should be bolstering their cybersecurity now – not when it’s already too late to protect against potentially damaging attacks.
    “I don’t think we should be freaking out now, I don’t think the sky is falling, but I think we’re in that five-year event window where this gets really bad. If you want to get ahead of that, you better be starting now,” says Lee.