Intelligent CISO Issue 53 | Page 38

Once hackers have gained entry into a system , a ransomware attack is the likeliest outcome .
FEATURE
the tech giant isn ’ t about to let you go about your business without it .
Be aware of entry points
Leaving an endpoint unsecured obviously leaves a system open to attack , be it a virus or malware breach . It doesn ’ t even have to be a glaringly obvious entry point in order for those intent on causing distress and disruption to find their way into a network . This was recently the case with some hackers who found a way into a piece of software that most office workers use without a second thought on every single working day of their lives .
Microsoft was quick to respond after employees used Microsoft Word to write

Once hackers have gained entry into a system , a ransomware attack is the likeliest outcome .

short documents but possibly weren ’ t aware of its many macros which execute code . However , it was one of these that was exploited as the hackers zoned in on a way to exploit a feature of the Help function and inject code into the system .
Microsoft developed a patch that covers the vulnerability but if patch management isn ’ t applied onto a user , the issue could remain as well as develop further .
Once hackers have gained entry into a system , a ransomware attack is the likeliest outcome . This will be disastrous for an enterprise and often originates in shared resources , the vast majority of which affect the many and not the few and which are understood by only limited numbers in the organisation . This means they can be breached without most employees noticing .
As it searches mapped drives , the ransomware looks for files that are utilised by more than one person . The hackers understand that so many of
38 www . intelligentciso . com