Let this be yet another reminder of how important basic security practice is, and how closely good practice should be followed to reduce the damage and impact to your organisation.

Listed below are 10 damage limitation steps that all organisations, as well as end users, should already be implementing:

For the end user:

  • Compare the hash value of any downloaded file against the value the publisher provides, to check its integrity and authenticity
  • Check that the file carries a valid digital signature, and that the signing certificate's details are valid and accurate
  • Ensure that you participate in a regular security awareness training programme
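As an added example that is not part of the original post, the hash check from the first step in Python: it parses a publisher's sha256sum-style checksum list, hashes the download in chunks, compares digests in constant time and treats an unlisted file as a failure rather than a pass. The sample file contents, file names and checksum list are constructed inline so it runs offline; a digest fetched from the same download page proves integrity only, so authenticity still rests on the signature check in the second step.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample "download" plus a checksum list in sha256sum's
# "<hex digest>  <file name>" format, built here so the example runs offline.
SAMPLE_CONTENT = b"installer payload (constructed sample)\n"
CHECKSUM_FILE = (
    hashlib.sha256(SAMPLE_CONTENT).hexdigest() + "  installer.bin\n"
    + "0" * 64 + "  other-tool.tar.gz\n"
)

def parse_checksums(text):
    """Parse sha256sum-style lines into {filename: lowercase hex digest}."""
    digests = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts:
            continue
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed checksum line: {line!r}")
        digest, name = parts
        digests[name.lstrip("*")] = digest.lower()  # '*' marks binary mode
    return digests

def sha256_of_file(path, chunk_size=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:  # chunked, so a large download need not fit in memory
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, checksum_text, name=None):
    """True only if the file's SHA-256 equals its published digest."""
    name = name or os.path.basename(path)
    expected = parse_checksums(checksum_text).get(name)
    if expected is None:  # an unlisted file is an error, never a pass
        raise KeyError(f"no published digest for {name}")
    return hmac.compare_digest(sha256_of_file(path), expected)

def demo():
    with tempfile.TemporaryDirectory() as d:
        good, bad = os.path.join(d, "installer.bin"), os.path.join(d, "bad.bin")
        with open(good, "wb") as f:
            f.write(SAMPLE_CONTENT)
        with open(bad, "wb") as f:
            f.write(SAMPLE_CONTENT + b"\x00")  # a single appended byte
        return (verify_download(good, CHECKSUM_FILE),
                verify_download(bad, CHECKSUM_FILE, name="installer.bin"))
```

`demo()` returns `(True, False)`: the intact file passes and the tampered copy, checked under the listed name, fails.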

For the Enterprise:

  • Ensure trust relationships between your organisation and third parties are correctly configured and secured
  • Implement “least privilege” in production
  • Ensure all systems are routinely being patched
  • Implement application whitelisting
  • Monitor high-value departments (e.g. development team, finance, IT) for insider misuse or abuse as well as anomalous activity (UEBA)
  • Collect logs from your endpoints and correlate and respond to suspicious activities (ETDR)
  • Perform network security monitoring including full packet capture, in order to be able to detect anomalous DNS traffic, DGA and outbound C2 network traffic (NTD)