Security Advisory Notice – Petya Ransomware

A number of high-profile ransomware attacks have been reported globally starting June 27^th. With the recent global Ransomware outbreak of May 12^th still fresh in minds, it is ever more clear that decisive and responsive action is needed to protect organisations.
Similar to the recent Wannacry outbreak, this variant of ransomware ‘Petya’ is causing widespread disruption; reports indicate that the outbreak originated in Ukraine, with the state’s government, and electricity grid among the first confirmed targets. While initial victims centred around Ukraine, the Dutch shipping company Maersk has confirmed it was targeted, with its Irish operations reportedly hit; more organisations are expected to be identified as victims in the coming days.

The media have dubbed this outbreak ‘GoldenEye.’

How Does ‘Petya’ Work?

Similar to Wannacry, Petya is designed to exploit the known Microsoft Samba vulnerability (MS-17-010) using EternalBlue, the NSA developed attack code which was published as part of the Shadow Brokers’ leak. This vulnerability, which has been rated as Critical by Microsoft, was remediated as part of updates released on March 14^th of this year.

However, Petya is demonstrably more sophisticated than Wannacry. In addition to using the EternalBlue exploit, Petya can spread laterally using Windows Management Instrumentation Command-Line (WMIC) and PsExec, a remote command tool from Microsoft, to systems which have been patched but are on connected networks. ³ This multi-threaded approach, using lateral attack vectors highlights that patching alone is not sufficient to protect organisations.

The Petya variant of ransomware is designed to encrypt a filesystem’s Master File Table (MFT), rather than encrypting files or shared drives within an organisation. This means the operating system cannot then locate files. Petya installs itself to the disk’s master boot record (MBR) similar to a bootkit, before displaying a ransom page directing victims to send bitcoins for the release of their files. ²

With previous versions of malware, the only potential loss is that of data. With Petya, the loss is greater – the entire system. ⁴

How Do I Protect My Organisation?

Ward Solutions recommend the following short term actions be taken to protect your organisation;

• As per previous advisories, systems administrators are advised, if they haven’t already, to patch against the Microsoft Samba vulnerability which is known to affect the below Microsoft software;

– Microsoft Windows Vista SP2
– Windows Server 2008 R2 SP1 and SP2
– Windows 7
– Windows 8.1
– Windows RT 8.1
– Windows Server 2012 R2 and
– Windows 10
– Windows Server 2016

Ward Solutions recommends that systems administrators immediately take action to patch against this Microsoft vulnerability if they haven’t already done so.

Further details on this patch can be found on the Microsoft support site here: https://support.microsoft.com/en-sg/help/4013389/title

• Keep your antivirus active and up to date and always update your AV software from valid sources. McAfee has released and extra.dat to include coverage for Petya. McAfee has also provided a range of known extensions which have been identified as affected. Further information can be found at the below McAfee advisory; https://kc.mcafee.com/corporate/index?page=content&id=KB89540

• Ensure you have a reliable and well configured backup solution, keeping at least one of those backups offline
• Ensure the minimum appropriate level of administrative privilege is allocated. This can assist in prohibiting propagation should your organisation be attacked
• Block the following inbound TCP Ports 135, 445, 1024-1035
• To stop the spread from the WMIC, administrators should block the file C:\Windows\perfc.dat from running.⁶ Additionally, there have been reports of a possible kill-switch, though successful use of the method has yet to be reported. PTSecurity researchers have reported that the ransomware checks if the C:\Windows\perfc file is present, and if it determines that the file is already present, the malware execution stops. PTSecurity is proposing that if the correctly named file is created in the given folder path, it may halt encryption, though this method has yet to be verified. ⁵
• McAfee also recommends blocking the following file/folders; **\PSEXESVC.EXE and   C:\Windows\System32\Tasks\**. Blocking these will prevent the ransomware from creating the Windows Scheduler task it requires to force a restart of the system and can assist in preventing the replication of PsExec.⁶

In the medium term, there are also a number of actions that organisations can take to protect themselves including;

• Update email and SPAM filtering solutions to scan all emails and blocks malicious software from reaching end users.
• Perform regular user awareness training and make sure the content is kept relevant. Include social engineering phishing exercises to get real-world measure of the effectiveness of the training and awareness on staff
• Logical separate internal network segments such that users and servers are on different segments with appropriate policies to help stop the spread of malware through the network.
• Implement a vulnerability management solution in tandem with a patch management solution, enabling you to pinpoint vulnerabilities and prioritise your patching.

My Organisation is Infected, What Now?

The first piece of advice is to not attempt to pay the ransom as Posteo, the email provider hosting the address where Petya victims are being directed, has shut down the account.⁷

Secondly, as Petya only encrypts the Master File Table (MFT) after reboot, if you are aware that you have been infected (or are prompted with a ‘Check Disk’ message) and shut down the infected machine before reboot, you can potentially prevent the encryption. And, as Petya encrypts the MFT and not the files themselves, data recovery may be possible – though no successful recoveries have yet been reported.

How Can Ward Help?

For SOC Managed Service customers, we have been receiving IBM Threat Intel feeds, including Petya Indicators of Compromise, since June 27^th, and will take any appropriate action accordingly.

For Managed Service customers, the Ward Support team will be reviewing individual environments to ensure all recommendations are implemented.

For all other customers, if you would like additional information or would like support in implementing preventative measures in your environment, please contact support@ward.ie or your account manager, as appropriate.

Further reading:

¹http://www.bbc.com/news/technology-40416611
² https://labsblog.f-secure.com/2016/04/01/petya-disk-encrypting-ransomware/
³ https://securityintelligence.com/petya-werent-expecting-this-ransomware-takes-systems-hostage-across-the-globe/
⁴ https://blog.fortinet.com/2017/06/27/new-ransomware-follows-wannacry-exploits
⁵ https://www.bleepingcomputer.com/news/security/email-provider-shuts-down-petya-inbox-preventing-victims-from-recovering-files/
⁵ https://kc.mcafee.com/corporate/index?page=content&id=KB89540
⁶ https://www.ptsecurity.com/ww-en/about/news/283096/
⁷ https://www.wired.com/story/petya-ransomware-wannacry-mistakes/

Key steps to preventing a ransomware attack.

How prepared are you for the next ransomware attack?

Ward Solutions presents: Key steps to preventing a ransomware attack.

When and where?

Start: 3:00 PM, 04/07/2017
End: 3:30 PM, 04/07/2017
Place: http://bit.ly/Ransomwarewebinarward

One-fifth of Irish businesses were held to ransom by cybercriminals in the past 12 months, according to the results of a recent survey that we conducted.
Click here to view our latest Mapping Cyber Security Whitepaper.
The survey was carried out among 170 senior IT professionals and decision makers in Ireland just prior to the recent WannaCry attacks, and highlights the scale of the ransomware issue in Ireland.

We have more insights from the survey that we will detail out at our webinar on July 4^th. So don’t forget to register here.

Overview of the webinar:

• How could ransomware attack be prevented?
• What to do if you still haven’t experienced an attack?”
• How Ward can help you?

This webinar is going to help you understand ransomware from a larger perspective. Both our experts, Paul Hogan and Liz O’Neill come with an army background and now Paul, the Chief Technology Officer and Liz, Head of operations and response at Ward Solutions will help you have better clarity over the immensity of these kind of attacks and what exact precautions need to be undertaken.

This will be an interactive discussion where we will take in questions during and after the webinar. So keep your questions ready and fill in your details below to register and we will send you the link to the webinar in the next few days.

By providing the contact information above, I agree that Ward Solutions Limited may collect, use, disclose and retain my personal data, which I have provided in this form and share it with third party organisations through which Ward carries out it’s marketing further details of which can be accessed at our website www.ward.ie, for providing marketing material, in accordance with the Data Protection Acts 1998 – 2003 and our privacy/data protection policy (available at our website www.ward.ie).

If you do not wish to receive this information please e-mail us at privacy@ward.ie.

For more information on how to prevent ransomware, e-mail: preventingransomware@ward.ie

Tick-Tock – One year to GDPR!

Today marks one year to the day until General Data Protection Regulation (GDPR) comes into force. The impending legislation will bring about widespread changes to data protection rights throughout the EU and will have a significant impact on any organisation that processes personal data. GDPR will have far-reaching effects on Irish organisations and will set the tone for the majority of conversations about cybersecurity for the rest of 2017, and indeed the beginning of 2018.

WannaCry

GDPR will place more stringent requirements on companies to alert the authorities and their data subjects, while implementing an established crisis plan in the wake of a data compromise. The recent WannaCry ransomware attack highlighted the security vulnerabilities at the heart of Irish organisations. Under GDPR, some of the companies whose data was compromised could find themselves liable to potentially insurmountable sanctions – fines up to €20 million or 4% of global turnover. With this in mind, it is clear why it is in companies’ own interest to achieve compliance sooner rather than later.

Ward Solutions’ Survey & Whitepaper

So, just how far down the road are organisations with their GDPR preparations? Earlier this year, to raise awareness of GDPR and establish Irish organisations’ readiness for the legislation, Ward Solutions carried out a survey in association with TechPro magazine. The results of this research received widespread media attention, including articles in The Irish Times and on Irish Tech News. Among the results was the finding that almost three quarters of Irish and Northern Irish organisations collect data on Irish and / or European citizens, making them subject to GDPR. As well as this, the survey found that more than one-quarter of businesses don’t know what GDPR is or have yet to start making preparations to achieve compliance – despite heavy fines. The complete set of results has been compiled in a whitepaper, to be launched at our upcoming GDPR seminar on Friday 9^th June in the Royal College of Physicians, Dublin 2.

GDPR Seminar

Ward’s seminar will take a practical approach to providing attendees with clear information about the steps that they need to take to achieve GDPR compliance. Experts from Ward Solutions and Fortinet will advise attendees on how to prioritise their information security and compliance activities to develop strategies that can identify and mitigate the risks to personal data. All attendees will also receive a copy of the whitepaper results. Attendance is free, and those interested can register now on the event page.

Achieving GDPR compliance is a complex process, and one that many Irish organisations have underestimated. Companies should begin their path towards

GDPR, and attending Ward’s event on June 9^th is the ideal place to start that journey.
Ward Solutions is Ireland’s leading information security provider. Contact sales@ward.ie / sales@wardinfosec.co.uk or call +353 1 6420100/ +44 28 90 730 187 to discover our range of information security solutions and discuss your unique requirements.

WannaCry – Where we are right now

On Friday, 12 May 2017, a large cyber-attack using WannaCry ransomware was launched, infecting more than 200,000 computers in over 150 countries. In this blog, we outline what the attack was and what organisations should be doing to protect and defend themselves from this attack and similar attacks that may occur in the future.

So what is WannaCry and why all the Hype ?

The first thing to understand is that WannaCry is a ransomware attack, and in that regard is very similar to ransomware attacks that we see and deal with on a daily basis.  Malicious code runs on an end system encrypting files and then demanding a ransom, typically in Bitcoins. The strong encryption (RSA-2048) used by WannaCry ensures that it next to impossible to decode by other means, although there are some tools such as WannaKiwi which can work in some circumstances. This leaves users with the option to either pay the ransom in the hope that they will get their data back, or wipe their machine and restore from a backup that they should have.

What makes WannaCry different from most ransomware is that in addition to infecting a local machine and its attached drives, it can also infect other machines that it can connect to using known vulnerabilities. In finding its way to new endpoints and networks, WannaCry scans for hosts with port 445 open (port 445 is the port over which  the Server Message Block (SMB) network communications protocol takes place), and then leverages two known SMB exploitation modes to compromise these hosts and infect them with the ransomware malware and the cycle continues.

So how could have this have been stopped.

There are two aspects to answering this, first how could the initial infection have been stopped, and secondly how could the ransomware worm have been stopped from replicating through networks.

Looking first at how the ransomware could have been stopped spreading through a network, this is relatively straightforward. The vulnerability MS17-10 has been known and patches have been available for most of the Microsoft systems affected since April 2017. Identifying, testing and patching vulnerable hosts is a simple matter, and would have been the first line of defence for this attack.
Using tools such as IBM QRadar Vulnerability Manager (QVM), or Qualys you can very quickly identify hosts that are vulnerable and then use a tool such as IBM BigFix to rapidly deploy patches.

Any organisation that had its patching regime up to date would have been able to stop an infected host infecting the rest of the network. At the time of writing it appears as if the only initial vector for WannaCry has been an infection based in the SMB vulnerabilities, and so for organisations that were properly patched the most likely would have stopped the initial infection.

In addition, network segmentation and restricting the allowed communication flows between zones to prevent the spread of worms within the organisation and between organisations/partners would have prevented the spread of the malware.
Finally, at the network level, IPS and firewalls such as Fortinet’s Fortigate and IBM’s XGS have had signatures in place to detect and block command and control communication traffic. These signatures would have been in place since April. If you allow external access SMB to internal hosts (ports 139 and 445), these should be blocked using perimeter security devices as well.

I haven’t had an outbreak should I do anything now?

Even if you haven’t had an outbreak there are a number of things you should be doing right now:
First ensure that all your systems are patched using solutions such as IBM BigFix, and for those legacy system that for some reason you cannot patch either isolate them from the network, or use application whitelisting using solutions such as those from McAfee and Carbon Black, which ensure that the end systems can only run and execute programs known and permitted by your security policy.

In addition to patching the endpoint, organisations should consider disabling SMBv1, and SMBv2 on endpoints only permitting SMBv3, and should search their networks using tools such as BigFix Query to determine if there are any infected endpoints on their network that need to be remediated.

You should ensure that your anti-virus product has the latest signatures and IOCs.

Lastly review and re-educate your workforce through security awareness programs.

Ward Solutions Managed Security Services:
As you can see protecting, defending, detecting and responding to cyber-attacks such as the WannaCry ransomware requires an organisation to have capability and cyber security skillsets across a range of endpoint, server, application, and network infrastructures.
At Ward Solutions, we have developed a set of interconnected security consulting and managed services to help organisations to help organisations tackle these complex demands.

Delivered from our Security Operations Centre (SOC), we provide:

• Ransomware Protection Services. A set of interconnected services, specifically aimed at ransomware.
• Vulnerability Management Services (QRadar/Qualys), which assess the level of risk by exposing vulnerabilities in an organisation.
• Information Protection solutions such as managed firewall, IPS, endpoint and patch management to protect an organisation from the latest cyber threats (Fortinet, IBM, McAfee).
• Security Analytics (SIEM) to detect whats happening across a complete organisation, covering endpoints, servers, mobile devices, applications, databases, networks and users.
• Embedded threat intelligence, which enrich all our services with the latest indicators of compromise and indicators of attack.
• Incident Management services which orchestrate and manage response to security incidents.

Ransomware Defence – what to have in place in case of other ransomware attacks?
As we said at the start, ransomware is something that we encounter on a daily basis, so what are the main steps you should be taking to protect against future attacks (note that these are addressed in more detail through our Ransomware Protection Services:

1. Implement security awareness and training programs so that everyone in your organisation is aware of the threat of ransomware and how it’s delivered to endpoints.
2. Perform regular backups, as in the event of a successful attack these may be your only option for service recovery.
3. Configure perimeter security devices such as Next Generation Firewalls and IPS to block known malicious IP addresses.
4. Implement a centralised vulnerability and patch management solution.
5. Implement mail gateway solutions with SPAM filtering to filter phishing emails and detect and filter executable files from reaching end users.
6. Implement next generation antivirus solutions, which not only protect, but can also detect and respond to security threats.
7. Implement a holistic and centralised security operations and management approach through a Security Operations Centre (SOC).
8. Have a documented and tested Incident Response capability.

Ward Solutions is Ireland’s leading information security provider. Contact sales@ward.ie / sales@wardinfosec.co.uk or call +353 1 6420100/ +44 28 90 730 187 to discover our range of information security solutions and discuss your unique requirements.

Ward Solutions Update II- Security Advisory Notice: Ransomware Wannacry

Security Advisory Notice – Ransomware Wannacry –Ward Solutions Update II
Issued by Ward Solutions Security Operations Centre
May 15, 2017

Following on from our Security Advisory Notice – Ransomware 12^th May 2017 we have additional vendor specific recommendations that may be applicable to your environment as listed below.

Microsoft

Ensure patched on MS17-010 and disable outdated protocol SMBv1.
Microsoft have taken the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.

Relevant links to patches via:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

McAfee

Create a custom access rule in AV to block *.wcry, *.wnry, *.wncryt and  *.wncry. extensions or create it on your email gateway/IPS so it quarantines all attachments with the *.wcry, *.wnry, *.wncryt and  *.wncry extension.

Firewalls / IPS

We recommend blocking the following IP addresses in / out on perimeter firewalls (recommendation from eGov Networks):

197.231.221.221                128.31.0.39                         149.202.160.69
46.101.166.19                     91.121.65.179                     2.3.69.209
146.0.32.144                       50.7.161.218                       217.79.179.177
212.47.232.237                  81.30.158.223                     79.172.193.32
38.229.72.16

We recommend blocking the following IP addresses in / out on perimeter firewalls (recommendation from various sources ie McAfee, Payload Security, Cisco Talos etc.):

104.131.84.119                  128.31.0.39                         136.243.176.148                146.0.32.144
163.172.153.12                  163.172.185.132                163.172.25.118                  163.172.35.247
171.25.193.9                       178.254.44.135                  178.62.173.203                  185.97.32.18
188.138.33.220                  188.166.23.127                  192.42.115.102                  193.23.244.244
198.199.64.217                  2.3.69.209                            212.47.232.237                  213.239.216.222
213.61.66.116                     213.61.66.116                     217.172.190.251                217.79.179.77
50.7.151.47                         51.255.41.65                       62.138.10.60                       62.138.7.231
82.94.251.227                     83.162.202.182                  83.169.6.12                         86.59.21.38
89.45.235.21                       94.23.173.93                       185.97.32.18                       136.243.176.148

Key Reminders:

As recent news indicates WannaCry may potentially change variant and continue to breach organisations defences so key reminders on the basics of protecting against ransomware:

• New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
• Keep operating systems and other software updated.
• Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments. Ensure all staff are reminded to be extra vigilant.
• Be extremely wary of any Microsoft Office email attachment that advises to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
• Backing up important data is the single most effective way of combating and recovering from a ransomware infection. Ensure that back-ups are appropriately protected or stored off-line so that attackers can’t delete them.
• Isolate unpatched systems from the larger network.
• Ensure that access to files and fileshares is on a least privilege basis

What Makes WannaCry Notable

While WannaCry (WanaCrypt or Wcry) is ransomware that works like other malware of its type it has a few additional intricacies that highlight just how sophisticated Ransomware is becoming:

• Technically the WannaCry ransomware behaves like many other similar malwares but with the additional ability to leverage an SMB exploit to worm its way through a network and infect numerous users
• The Malware was a leaked exploit which often gives rise to malicious actors utilising them for ill gain as on this occasion
• The Malware uses strong symmetric encryption employing RSA 2048-bt cipher to encrypt files.
• The malwares architecture is modular so more than likely this malware is generated by a group rather than an individual actor.

Further information on the WannaCry Ransomware and how it works can be found at:
https://securityintelligence.com/wannacry-ransomware-spreads-across-the-globe-makes-organizations-wanna-cry-about-microsoft-vulnerability/

If you would like additional information or would like support in implementing preventative measures in your environment, please call us at +353 1 642 0100 or +44 (0) 28 9073 0188 e-mail us at support@ward.ie or sales@ward.ie, as appropriate.

Immediate Action Required: Critical Security Advisory – Wannacry Ransomware!

 
Ransomware has become such a pervasive threat to industry and the public at large, that it is now a household name. More recently, however, the vectors through which the virus spreads have changed, making ransomware more dangerous than ever before.
 
On May 12^th, Reuters reported a number of high profile Spanish companies had been hit by a new strain of Ransomware called Wannacry, leading to significant disruption to business operations. ¹ The Spanish National Cryptological Centre (CCN) have confirmed this report, and have labelled this a ‘massive attack,’ of a ‘very high’ severity, urging all systems administrators to take immediate action to mitigate vulnerability.
 
Additionally, reports are incoming from the UK where NHS sites have been targeted, forcing hospitals to divert patients³. Ward recommend that all our customers take immediate action to mitigate against the threat of the Wannacry ransomware.
What is Ransomware all about?
 
Ransomware is any program that either encrypts the affected user’s files or locks their device, leaving it in an unusable state, with the intention of demanding payment for the release or decryption of their files. The malware is spread most commonly via malicious links or attachments in spam emails or increasingly by infected 3^rd party sites. In the past, strains of ransomware have included crypto-ransomware such as Cryptowall and Teslacrypt, which directly encrypts user files and folders ; and also Locker-ransomware, which saw a rise throughout 2016. Locker-ransomware, including variants such as Locky, and CryptoLocker, are typically transmitted through maliciously crafted Microsoft Office attachments.
 
Why You Should be Concerned?
 
The recent news reports coming out of Spain demonstrate that this variant of Ransomware is unlike any encountered before in that the virus is spreading by exploiting a Microsoft vulnerability. This particular strain is called Wannacry, and it spreads by using a samba vulnerability in Microsoft to infect shared drives within a networked organisation.
 
The Samba vulnerability is known to Microsoft, having been disclosed on March 14^th, 2017, and affects most Windows version including the below;
 

• Microsoft Windows Vista SP2
• Windows Server 2008 R2 SP1 and SP2
• Windows 7
• Windows 8.1
• Windows RT 8.1
• Windows Server 2012 R2 and
• Windows 10
• Windows Server 2016

 
Ward recommend that systems administrators immediately take action to patch against this Microsoft vulnerability, thereby mitigating against the Wannacry ransomware virus.
 
Further details on this patch can be found on the Microsoft support site here: https://support.microsoft.com/en-sg/help/4013389/title
 
If you are using McAfee ePO we additionally recommend you create a custom access rule in AV to block *.wcry and *.wncry.
 
If you would like additional information or would like support in implementing preventative measures in your environment, please call us at +353 1 642 0100 or +44 (0) 28 9073 0188 e-mail us at support@ward.ie or sales@ward.ie, as appropriate.
 
Further Reading:
¹ http://uk.reuters.com/article/us-spain-cyber-idUKKBN1881TJ
²  https://www.ccn-cert.cni.es/seguridad-al-dia/comunicados-ccn-cert/4464-ataque-masivo-de-ransomware-que-afecta-a-un-elevado-numero-de-organizaciones-espanolas.html
³ https://www.theguardian.com/society/2017/may/12/hospitals-across-england-hit-by-large-scale-cyber-attack?CMP=fb_gu
 

ISO 27001 – A swiss army knife for GDPR…

With GDPR just around the corner, many organisations are asking themselves if they should consider implementing an information security management system such as ISO 27001 in order to help achieve and maintain impending compliance frameworks such as GDPR or a PSD2.
First off, it’s crucial that organisations realise that achieving ISO27001 accreditation does not lead to automatic GDPR or PSD2 compliance. On the contrary, organisations seeking to achieve compliance to these standards need to put in a lot of extra work.

This is because ISO 27001 is an international best practice standard for Information Security, while GDPR is a regulation by which the European Parliament, council and commission intend to strengthen and unify data protection for all individuals within the EU. Finally, Payment Services Directive 2 (PSD2) is a new European-wide regulation requiring European banks to make it easier to share customer transaction and account data.

At face value, ISO27001, GDPR and PSD2 are all very different things i.e. legislation, best practice and industry standards. However, at their core they all have something in common, namely the need to appropriately handle, process and store sensitive data whether its personal, financial, commercial or intellectual property. Implicitly they also have common requirements around the need to be able to demonstrate governance, diligence of consideration and decision making, sustainability of operation and conformance with their respective control requirements – i.e. a strategic and systemic approach to Information Security, personal data and privacy.

Implement a framework to steer compliance strategies

Therefore, although organisations will need to complete additional courses of work to achieve GDPR and PSD2 compliance, it is Ward’s recommendation that they consider the implementation of an overarching Information Security framework such as ISO27001 to steer their compliance strategies. The key to integrating these different compliance frameworks and obligations particularly for GDPR is that your implementation of ISO27001 should identify personal data as an Information Security asset.

Implementing ISO can aid organisations in a number of ways:

• Achieving ISO 27001 compliance for the appropriate scope provides organisations with an independently accredited management system to manage their information security according to best practices. The accreditation also provides proof that you and your partners meet the recognised and appropriate information security standards. Organisations conducting B2B with larger enterprises are currently expending a lot of effort demonstrating diligence of their Information handling processes and procedures to existing and new customers. This burden is set to increase. ISO27001 accreditation to a relevant scope should help provide the reassurance that these customers need.
• Maintaining and operating the ISMS or sub functions of the ISMS according to ISO 27001 will lead to improved security and reduced risk to organisations as a by-product of ensuring on-going compliance.
• Implementation of ISO27001 generally leads to significant improvements in the culture and awareness of Information Security which help move organisations from a reactive approach to a compliant, proactive or optimised level of Information Security, leading to increased security/ reduced risk and typically reduced cost of security.
• ISO 27001 requirements make it necessary for organisations to put a number of over-arching policies, procedures, controls and management systems in place to achieve compliance. Many of these elements are required under other security or compliance frameworks such as GDPR, PSD2, PCI/DSS etc., meaning that organisations that achieve ISO27001 will have taken significant steps towards compliance with these other standards as well. However organisations need to work hard to integrate the specific controls, processes, and procedures of each compliance requirement into the overarching Information Security Management Systems. There are lots of sources mapping the different control requirements of each compliance requirement to each other e.g. GDPR to ISO27001 etc.
• The compliance frameworks such as GDPR refer to the desirability for standards or accreditation. ISO27001 accreditation to a relevant scope in our opinion should help demonstrate to a regulator that an organisation expended significant diligence in their compliance obligations either in a BAU audit or post an incident.

A more efficient approach

Running individual, distinct information security compliance frameworks with no common overarching framework will most likely mean duplication of effort, as well as increased cost and management complexity, to organisations. Integrating individual compliance frameworks into an overarching framework such as ISO 27001 means one system to manage all Information Security requirements, reusing common elements across individual compliance frameworks, a much more efficient approach.

IS027001 accreditation demonstrates that the organisation in question, big or small, implements  best-practice Information Security processes, something which is sure to be of interest to customers, auditors, regulators and third parties, especially as GDPR draws closer.

To make the process of becoming ISO accredited easier for you, Ward’s ISO consultant can work closely with your business to steer you through the entire process. We can also customise our services to help you at any point in the implementation cycle:

• Greenfield- We help devise and implement from the beginning.
• Partly Progressed- We can pick up from where you currently are at and take you through to completion stage.
• Full Progressed- We can supply you with an ISO 27001 maintenance service.

To find out more about how Ward Solutions can help you in your ISO and GDPR journey, contact us on +353 87 642 0100 or e-mail: sales@ward.ie