The WannaCry malware attack that crippled 200,000 computers in more than 150 countries was not a surprise to Michael Chertoff, former U.S. secretary of Homeland Security, and now executive chairman of the Chertoff Group, which counsels companies and governments on cybersecurity and other security issues.
“Literally every week we have more and more developments in the area of cybersecurity,” said Chertoff, addressing the 2017 Cyber Investing Summit held at the New York Stock Exchange, recounting not only the WannaCry attack but the theft of data from more than 1 billion accounts from Yahoo, disclosed in 2016, three years after the fact.
Both attacks involved not just individual criminals but also nation-states, said Chertoff, noting that North Korea is suspected in the WannaCry attack and Russian intelligence operatives in the Yahoo breach.
No enterprise is immune from a cyberattack, said Chertoff, who went on to offer his prescription for minimizing the impact of one, taking precautions similar to what a doctor would recommend to patients: maintaining a healthy immune system, including vaccinations, and engaging in activities to build up a body’s defenses.
Here’s his checklist for how financial companies can protect themselves against cyberattacks and their impacts if their systems are breached:
- Use software patches when they’re sent and develop protocols to ensure that employees do this, but first make sure the updates are genuine. These are “foundational elements of cybersecurity,” said Chertoff, who noted that companies and individuals could have protected themselves against the WannaCry attack if they had just used the patches sent out by Microsoft in March.
- Use multiple-factor authentication — the standard now is two. “Dual factor is better than single factor,” said Chertoff, but it’s not infallible. “Think through what the second factor is.” He explained that a German bank was hacked and money transfers authorized when texting was used for the second authentication. He suggested instead a phone call as the second level of verification, whereby the person the financial company is dealing with phones the financial company rep instead of texting him or her.
- Use behavioral monitoring and pattern tracing because it’s not just insiders but outsiders doing the stealing via cyber breaches now. Financial companies should monitor customers’ transactional behavior, like credit card companies do with algorithms they develop in order to recognize anomalies, said Chertoff.
- Use encryption, a critical element to safeguard business data and customer data.
- Back up data, which will help restore service and records if there’s a breach.
- Have a crisis response plan. Chertoff said companies need to have designated responders, a Plan B and a method of communications in case of a breach.
- Keep in mind that breaches can originate with all kinds of institutions and companies. The 2013 hack of 40 million Target accounts started when the credentials for its network were stolen from a third-party heating and cooling vendor for the company, allowing the thieves to introduce malware.
The massive October 2016 denial-of-service attack was perpetrated with a botnet, a network of malware-infected devices, made up not of a group of computers but of thousands of “Internet of Things” devices such as digital cameras and baby monitors. Together they attacked the servers of Dyn, a company that controls much of the internet’s domain name system (DNS) infrastructure.
“Everything is now going to be smart and connected,” said Chertoff, referring to all the devices linked to the internet, including thermostats and home recording devices. “These things do not have security in mind … Many of them have no provisions for updating passwords or patching. … That becomes not only a problem for your own network … but for everybody else. We need to think about how to build security into that” and integrate it with the rest of the security system, said Chertoff.
He ended his presentation with another lurking security threat: cyberwarfare, in which the financial system could become a key target, especially of actors that don’t participate in the global financial system, such as North Korea.