Ransomware attacks, supply chain attacks, identity theft, zero-day attacks, extortion; these are just some of the top cybercrime concerns facing businesses in the UK today, and this is not predicted to change anytime soon. Security risks for businesses, in fact, have been on a steady upward trajectory for a while now, so it’s time to think about what you can do to keep your business protected.
In 2020-21, more than 80% of businesses experienced a successful cyber-attack, and with so many of these attack vectors being related to malicious software in some way, the smart thing to do is start whitelisting your applications.
What is Application Whitelisting?
As cybercriminals become more advanced with their abilities, it can be difficult for companies to stay ahead of the game and detect and block malicious code in software. Application whitelisting gives companies a fighting chance against cybercrime by redefining the landscape of access for users.
Simply put, application whitelisting is when you create an index of approved applications and executable files that are permitted to run within your IT environment. It is a security strategy that blocks malicious programs from running on devices or networks by preventing them from executing at all or by disabling their execution when they are present.
Application whitelisting helps with application control within a network, allowing you to protect data and comply with regulations like GDPR, but it also keeps your business protected from suspect software.
There are two primary benefits of application whitelisting: defence against malware, and protection from ‘shadow IT’. Shadow IT is when your non-IT employees go rogue and start downloading applications on their devices without knowing if it is secure or properly licensed. If the apps aren’t whitelisted, the installation will be blocked, and your IT department will be notified of the installation attempt.
Creating an Application Whitelist
There are two different ways that you can create an application whitelist. The first is by using a standard list of approved applications that has been supplied by your software vendor. This standard list includes applications that are common for your IT environment but can be customised to suit your business’s needs.
The second method uses a system that is clear of malware and other unused/unwanted software to scan as a model for other devices. While both methods help to create and maintain a secure IT environment, the first method would better serve organisations without public-facing devices.
The app whitelisting guide provided by the National Institute of Standards and Technology (NIST) highlights that there are five key application attributes which can be used to help define whether an application is permitted to be executed:
- File name
- File path
- File size
- Software publisher’s digital signature
- Cryptographic hash
Not all these attributes, however, need, or should, be given the same amount of importance. Therefore, having someone who knows the art and requirements of application whitelisting is essential.
Whitelisting Best Practices
As with all technology and systems, to get the most out of your approach and to guarantee security, it’s important to know how to use it correctly, so here are some whitelisting best practices your business should be employing:
- Create a comprehensive application list before taking any action
- Categorise essential and non-essential business apps and identify which are used daily and which are unused
- Integrate whitelisting and patch management processes to ensure continued access to approved applications after patching has occurred
- Control admin access to admin tools to mitigate any further operational and security risks
- Implement an application whitelist in phases across your organisation to ensure business continuity if problems arise
- Take your time making sure your list is correct because the security that comes with application whitelisting is only as good as the list itself
- Regularly review and update your list to keep up with your ever-changing IT environment
Get Professional Assistance
Implementing and maintaining security strategies and best practices for your organisation can be hard work, and if you don’t have people in-house with the right expertise, your organisation could end up paying the price. Thankfully, though, you can outsource your cybersecurity to a managed service provider (MSP).
An MSP is a highly skilled team of IT professionals who can implement a security strategy based on your organisation’s needs, mitigate your risk of becoming a cyber-attack victim, and train your staff to ensure that their actions don’t create vulnerabilities in your network.
If you think it’s about time your business starts working toward a more secure online environment, contact the security experts at INTELLIWORX to see how they can help protect your business and your bottom line.