Do not forget about the human component
Once again, a supply chain attack has occurred, this time involving another IT service company. Attackers gained access to the company's IT systems and changed code that was then sent out as a simple update to customers and their customers; it now affects tens of thousands of customer systems worldwide. The malicious code was treated as trustworthy despite existing processes and spread laterally across networks to take IT systems hostage. The first victims in Europe are a Swedish supermarket, a railway company and a pharmacy chain. The chain reaction is expected to affect organizations in at least 17 countries, including Germany, where three IT service companies and their customers, especially micro-enterprises, are also affected. In total, there are probably more than 1,000 infected computers. The case is similar to that of SolarWinds Sunburst and the Windows Exchange attacks of the HAFNIUM group. Unfortunately, the new normal in cybersecurity seems to be attacking IT service providers to trigger a chain reaction, like a row of falling dominoes.
Ryan Chapman, Instructor & Author at SANS Institute
For Ryan Chapman, Instructor & Author at SANS Institute, people are the most important factor when it comes to fighting ransomware. People are central because you cannot bring processes or technologies into play, let alone manage them properly, without people to do so. Too often, Incident Response cases have traced the original infection vector to a policy that was not followed or to a technological solution that was not properly implemented or configured. Therefore, the most important aspect of a company's cybersecurity is its people: well-trained employees who avoid unnecessary mistakes.
“A technical implementation such as a strong endpoint detection response solution may be of no use to a business if no alarms are generated or if no one has these alarms in view. Including management decision-making processes such as a safety review in the decisions of the change control body is of no use if the ‘employees’ who review these changes are not careful. And it’s no use if you don’t know what to look out for. We as the security community have been committed to technologies and processes, but we often forget the all-too-important human aspect of these actions,” Ryan says.