Last year, following the global WannaCry incident in May 2017, the NCSC published guidance that described how organisations of all sizes – and home users – could reduce the likelihood of being infected by malware.
To make it simpler for you to find the information you need, we’ve now updated and combined these publications into a single piece of guidance around Mitigating Malware.
Our aim for this guidance is to answer three questions:
- What is malware?
- What should I do to protect myself?
- What should I do to protect my organisation?
So, if you’re a home user, you’ll only need to consider the first 2 questions. However, if you’re an IT professional responsible for securing even just a small business, then question 3 describes protections you can put in place that will reduce the likelihood of malware causing serious damage.
No matter what steps you take, there is always the risk that an attacker will eventually get through. This is where our new Preventing Lateral Movement guidance comes in. WannaCry and NotPetya both highlighted the impact that ransomware can have if it is able to move between endpoints and through your networks. However, you can make it hard for malware to spread laterally and fulfil its objective (whether that is obtaining valuable data, spreading ransomware, or causing general disruption) by performing additional hardening.
The guidance also explains why you should monitor your network to try to detect when it has been compromised. This can help you manage the impact, find out how the malware got in, and take defensive action as quickly as possible.
We understand that some of the recommended mitigations may be difficult to implement quickly. However, we hope this guidance will provide your organisation with a starting point. You should then tailor and prioritise the recommendations to reflect your own environment, balancing your available budget against the costs associated with a network compromise.
Dan U
Security Consultant, NCSC
Source: National Cyber Security Centre