- June 9, 2017
- Posted by: Chris Saah
- Category: Cybersecurity, Security
WannaCry shook the world on May 12th, infecting more than 230,000 computers in over 150 countries in the first 24 hours. Malware attacks like this have become commonplace, unfortunately. In fact, the information taken in other cases, such as the assault on the U.S. Defense Department and Office of Personnel Management, has been devastating.
So then, what was so noteworthy about the WannaCry cyber-attack? The extent and speed of the attack and how quickly it could have been prevented.
First, this was not an attack focused on the information of a single entity, such as in the case of the Office of Personnel Management (OPM) or Department of Defense (DoD). Nor was it one of the thousands of attacks every day that have minimal success because they are caught by anti-malware software or spotted as fake by average users. The WannaCry virus hit hard, all over the world, in a single day. Perhaps better than any other attack to date, it illustrated the vast vulnerabilities that exist in virtually every kind of organization in almost every country.
Second, and in sharp contrast to the extent of the attack, was how easily it could have been prevented. To understand how to prevent such attacks, we need to understand their nature. They are introduced through emails designed to install a program on the computer of anyone who clicks on the embedded link. They exploit security holes on those infected computers to move from one computer to another on a network. Finally, in the case of attacks like WannaCry, they lock the files on the computer by encrypting them and demand a ransom to decrypt the data.
As such, three basic measures can be taken to prevent such attacks at an organization: Educate. Secure. Protect.
The Ransomware factsheet from the Department of Health and Human Services starts off: “Ransomware exploits human and technical weaknesses…”. It is important to remember that someone in your organization must open an email and click on a link to introduce the virus into your network. Training your team members to spot malicious emails is key to any security initiative. Services like KnowBe4 not only train your team to spot malware but also test them by sending engineered emails to see if they will click on links they shouldn’t.
Organizations that applied Microsoft’s security patch MS17-010 were already protected from the spread of the WannaCry virus. It was released on March 14th, a full two months before the cyber attack, and fixed the vulnerabilities WannaCry exploited. So, even if an individual had clicked on the email link, the attack would have been contained to their single PC and not spread throughout the organization. An aggressive patch and endpoint management process that reviews, tests, and disseminates patches throughout an organization and then monitors PCs to ensure they are up-to-date is essential for an organization’s cyber health.
Finally, it is essential for a company to protect its data. Files stored on an individual’s computer are most vulnerable as they are not backed up. Enterprise File Syncing and Sharing (EFSS) allows your team to access their files from anywhere (desktop in the office, laptop on the road, and any mobile device) while ensuring that they are stored safely in the cloud. ShareFile by Citrix is currently the leader in the space.
Even if an attack had fooled your team member into clicking on it and if the PCs they were using were insecure, files properly stored and backed up would have been readily accessible and restored, eliminating the need to pay a ransom to the cyber-attack perpetrators.
These measures are not complicated or costly, and the effort and expense to implement them pale in comparison to the potential damage to your organization. Cyber-attacks like WannaCry illustrate that, more than ever, every organization, regardless of size, needs to take basic cybersecurity measures to protect itself.
TecFac provides comprehensive managed services to our clients including strategy, solutions, services, sourcing, staffing, support, and security. Our customers rested easy the weekend of May 12th, knowing their people were trained, their computers secure, and their data adequately protected from attack.