General Detection And Prevention Measures

There are several measures that will improve the overall cyber security of your organisation and help protect it against the types of tools highlighted by this report. Network defenders are advised to seek further information using the links below.

CCCS Top 10 Security Actions https://cyber.gc.ca/en/top-10-it-security-actions

CCCS Cyber Hygiene https://cyber.gc.ca/en/guidance/cyber-hygiene

Cyber Security Concerns for Management: https://www.cyber.gc.ca/en/guidance/cyber-security-considerations-management-guidance-government-canada-itsb-67

Use multi-factor authentication (also called 2-factor authentication or two-step authentication) to reduce the impact of password compromises. See CCCS guidance: https://www.cyber.gc.ca/en/guidance/user-authentication-guidance-information-technology-systems-itsp30031-v39

Protect your devices and networks by keeping them up to date: use the latest supported versions, apply security patches promptly, use antivirus and scan regularly to guard against known malware threats. See CCCS Guidance: https://cyber.gc.ca/en/guidance/security-vulnerabilities-and-patches-explained-it-security-bulletin-government-canada-itsb

Implement architectural controls for network segregation. See CCCS Guidance: https://www.cyber.gc.ca/en/guidance/network-security-zoning-design-considerations-placement-services-within-zones-itsg-38

Protect the management interfaces of your critical operational systems. In particular, use browse-down architecture to prevent attackers easily gaining privileged access to your most vital assets.

Set up a security monitoring capability so you are collecting the data that will be needed to analyse network intrusions.

Update your systems and software. Ensure your operating system and productivity apps are up to date. Users with Office 365 licensing can use 'click to run' to keep their Office applications seamlessly updated.

Use modern systems and software. These have better security built-in.

Restrict intruders' ability to move freely around your systems and networks. Pay particular attention to potentially vulnerable entry points, e.g. third-party systems with onward access to your core network. During an incident, disable remote access from third-party systems until you are sure they are clean. See CCCS Guidance: https://cyber.gc.ca/en/guidance/cyber-security-best-practices-contracting-managed-service-providers

Whitelist applications. If supported by your operating environment, consider whitelisting of permitted applications. This will help prevent malicious applications from running. See CCCS Guidance: https://cyber.gc.ca/en/guidance/application-whitelisting-explained-it-security-bulletin-government-canada-itsb-95

Manage macros carefully: disable Office macros except in the specific apps where they are required, only enable macros for users that need them day-to-day, use a recent and fully patched version of Office and the underlying platform.

Use antivirus. Keep any antivirus software up to date, and consider use of a cloud-backed antivirus product that can benefit from the economies of scale this brings. Ensure that it is also capable of scanning MS Office macros. See CCCS Guidance:

Layer phishing defences. Detect and quarantine as many malicious email attachments and spam as possible, before they reach your end users. Multiple layers of defence will greatly cut the chances of a compromise.

Treat people as your first line of defence. Tell staff how to report suspected phishing emails, and ensure they feel confident to do so. Investigate their reports promptly and thoroughly. Never punish users for clicking phishing links or opening attachments. See CCCS Guidance: https://cyber.gc.ca/en/guidance/spotting-malicious-email-messages-itsap00100

Deploy a host-based intrusion detection system. A variety of products are available, free and paid-for, to suit different needs and budgets.

Defend your systems and networks against denial of service attacks. See CCCS Guidance: https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2012/tr12-001-en.aspx

Defend your organisation from ransomware. Keep safe backups of important files, protect from malware and don’t pay the ransom – it may not get your data back. See CCCS Guidance: https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2013/in13-004-en.aspx

Make sure you are handling personal data appropriately and securely. See Privacy Commissioner guidance: https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/

Other publications from CCCS: https://cyber.gc.ca/en/publications

See also the following advice from our international partners:
