Ransomware and the San Francisco 49ers: Defensive Plays for Your Network Security
On April 12, the day before the Super Bowl, the San Francisco 49ers' corporate computer network was taken down and encrypted. In every file was a single text document delivering the ransom demand. This major league NFL team had been ransomware’d. On Super Bowl Sunday, the team that perpetrated the hack posted the 49ers to their online victims list on the darknet.
This unique event is not so unique. Hackers have become bolder – and are working together more – putting every brand and network at risk. Even the team that hacked the 49ers, BlackByte, provides ransomware software to other hackers to further their own private nefarious goals. This event has us thinking seriously about our defense and offense strategies.
How can NFL teams protect themselves? If every business were a football team, what level of defensive strategy would be necessary to keep your data safe? As Blake Schwank explains in this week’s Cyber Saturday video, we can take this opportunity to look at cybersecurity from a football defense perspective.
Your Data is the Quarterback
Let’s start this analogy by thinking of your data as the quarterback. Light and fast, your data needs to travel safely from one end of the field to the other without being compromised by the other team’s offensive line. Their aggression (hacking attempts, in this analogy) puts the quarterback in danger. He needs his entire team to run a defense strategy while he makes his run to the touchdown zone (data makes it safely through the network).
Firewall & Antivirus: Your Offensive Line
Firewalls are your first offensive line. They are designed to stop any unwanted intrusions into the network, or aggression on the quarterback as he makes the play. However, because phishing and passive malware exist, you can statistically guarantee that a few of the enemy offense will make it through the line. For this, you have antivirus.
Antivirus intercepts and blocks offensive moves against the quarterback. Antivirus identifies and responds to threats that make it through the firewall. But like the leather helmets of past football games, the combination of firewall and antivirus isn’t enough anymore.
Supplements and advanced training have made the defensive line about 50 lbs heavier – and we need more serious defense to stop heavy-duty intrusions using known vulnerabilities in corporate systems.
In the 49ers example, BlackByte typically intrudes through a known vulnerability in the Windows Exchange Server.
Managed Detection and Response: The Coach Above
So what is the next layer of defense? Managed detection and response, sometimes called network monitoring, is your coach who’s up in the box looking down at the game from above. Managed detection keeps an eye on every move that the network makes – authorized and unauthorized. If the enemy team starts moving for an illegal play, the coach watching from above can blow the whistle.
If the opposing team changes their strategy, their change in movements is relayed down to the team and defensive strategies can come into play. The managed detection system watches traffic moving laterally between computers and servers, looking for hacked or malware-type behaviors, and is run from a live security operations center.
Zero Trust Solutions: Extra 30 Linemen
Zero trust is like beefing up your defense to include 30 extra offensive linemen. While this is not in line with how the traditional game is played, it is how you might plan to defend a quarterback at all costs in a schoolyard game where rules go out the window.
With zero trust software, you can prevent all manner of risky accidental or unauthorized actions. For example, zero trust software prevents un-whitelisted programs from being installed. It may prevent all quick-click links from being opened. It may even automatically check emails for private data before they are sent.
This is software that doesn’t allow anything that isn’t supposed to run on or enter the network. This can also include network access. Zero trust software might deny network access to anyone who doesn’t have a double-authorized employee login. In fact, you can even use permission controls to ensure that only authorized accounts can access certain private documents.
Network defense is something that the NFL could become an industry leader in. Teams and their corporate structure simply need to take on the idea of cyber defense with the same passion and dedication that they commit to defense on the field. Each one of these metaphoric methods can be used to make sure your data is uncompromised and your quarterback makes it – uncrushed – safely to the touchdown zone with every data delivery.
Colorado Computer Support is here to help you build the defensive strategy that works best for your brand and IT infrastructure. Contact us today to get your team in gear to take the next season of cybersecurity by storm.