With one month of hindsight, and a lot of research, analysts are still in the process of building a complete picture of the WannaCry ransomware attack that took the world by storm. The ransomware attack, which crippled parts of the NHS, will have set alarm bells ringing in businesses across the globe, and the risk to your business from a cyber incident will have significantly increased over the last month. Our CIO Lee Ganly has compiled a brief synopsis of the WannaCry ransomware attack and outlined a few key steps that you can put in place to help safeguard your business from future attacks.
So what happened?
Powerful hacking tools, reportedly stolen from the US National Security Agency in March, have been used for the first time by cyber criminals. The well-publicised WannaCry ransomware attack, which crippled parts of the NHS, demonstrated the indiscriminate nature of the attacks and the potential for disruption and reputational damage. We advise you to act now to defend your organisation against future attacks. That means ensuring that the basics are covered and that investment in protecting against cyber risk is appropriately prioritised. The C-suite must raise the profile of this imminent risk and sponsor the right conversations with the internal IT team and ideally seek external counsel to support your team and satisfy yourselves.
It’s clear that the WannaCry Ransomware attack is just the start
Thankfully, whoever was behind WannaCry made a variety of mistakes that made it easier to evade, so consider it a high-profile warning shot. Relax at your peril: it is reported that hackers have already re-engineered the NSA tools, and security analysts have discovered a new variant called EternalRocks, which combines elements from seven NSA hacking tools. While this doesn’t currently have any malicious elements, it leaves infected PCs vulnerable to future remotely executed commands that could weaponise them with any type of malware, trojan or other threat. These government-grade security snooping tools are widely considered a game-changer. Even more worrying, while the US government would have strict usage protocols, industrial and hobbyist hackers have no such code of conduct.
What is a “Zero Day” Attack?
Zero Day attacks exploit security holes in software that are unknown to its vendor. Once the vulnerability becomes known, a race begins at the vendor to rectify it with a patch. Software patches are released on a regular basis. Microsoft’s, for example, appear on the second Tuesday of each month. If a critical vulnerability is discovered (such as the one exploited by WannaCry), it is not uncommon for a patch to be released outside of schedule, which must be quickly applied by your IT team or service provider.
Where to start, what can I do?
Start by transforming this technical risk into business risk, managed like any other, with good governance, focused management and appropriate investment. This should include:
- Spotlight IT security practices
You need to focus on improving people, process, and governance. Technology does not replace human oversight and commitment. Set expectations that detail the assurances you need to provide confidence that your appetite for risk is being systematically met. Target, the US department store giant and recent high-profile data leakage case, reportedly had technology in place which identified the attack, but alerts were ignored. Further, it appears that functionality that could have automatically eradicated the malware was not configured. Validate whether you need additional technology investments, or whether you instead need to better understand existing tools and mature your security management practices.
- Get to know your data
Understand where your data is held, who has access to it, and how it’s protected. This may have changed significantly in your move to the cloud, so it is worth re-evaluating. It is also worth noting that GDPR comes into effect on 25th May 2018 and requires a similar understanding of your data, so the activity could be extended to cover both and avoid duplicated time, effort and cost.
- Allocate resources
Seek external counsel to ensure your internal team are informed of the latest threats and prevention options, and be prepared to adjust your budget in line with the landscape of increasing security threats.
If you would like to talk to us about how we can help protect your business from future cyber security attacks, please contact us.