After two major ransomware cyberattacks wreaked havoc across the globe, Andrew Douthwaite offers insights into what business leaders must learn in order to keep their organizations secure.
There are many lessons to be learned from the two major recent cybersecurity events that left hundreds of thousands of machines infected and disrupted businesses, factories, hospitals and schools in over 150 countries.
The WannaCry ransomware aimed to take control of system data by encrypting important files as soon as the virus became active. This malicious software would then demand a ransom of $300 to be paid via Bitcoin, a cryptocurrency that makes the transfer of funds nearly anonymous. For those without backup solutions or continuity planning, this was a costly kidnapping.
Although initially believed to be a copycat, ransom-driven attack, the real motive of the Petya virus, the other major cyberattack, was later believed to be wreaking indiscriminate damage.
As cyber attacks grow in popularity, there are a number of key steps that businesses must take to protect themselves from ever having to deal with a prompt window demanding a ransom payment, which, by the way, rarely leads to your data ever being recovered.
Discuss cybersecurity in the boardroom
Executives need to recognize that rogue events, such as ransomware infections, denial of service interruptions, and direct cyber attacks, affect a company's bottom line. Technology allows businesses to operate at a fantastic speed, but many underestimate the amount of risk this carries. For companies that provide internet services, this risk is tenfold; downtime means hemorrhaging revenue and a sudden erosion of consumer trust. When ransomware is discussed at the highest level, only then can the right strategies be implemented successfully.
Humans are often the weakest point
Even the strongest cybersecurity systems are vulnerable to an uneducated workforce. Businesses suffer when users make simple mistakes like downloading infected email attachments, browsing infected sites, and using common and easy-to-guess passwords.
Cybersecurity practices needn't be complicated. Many managed service providers will provide a list of best practices that can be translated or directly taught to employees, safeguarding your company’s data and time. Also, email screening platforms should thwart any malicious emails from reaching end users in the first place.
Have your systems regularly evaluated
Many systems and processes will "feel" secure, even to educated analysts. Having a third party perform an investigative review will highlight any blind spots. Existing legacy systems should be upgraded where possible. In the wake of WannaCry, legacy systems were one of the reasons that the U.K.’s National Health Service had to turn away nonemergency patients.
When legacy systems are a necessity, they should be protected with unprecedented security – robust firewalls, URL and IP filtering and strict user regulations. Outsourcing cybersecurity protection is a popular choice for good reason. In-house teams deserve an extra pair of eyes and professional toolsets.
Patch and patch again
Software updates have long been the bane of IT departments for good reason – updates break things. However, users who were running the latest versions of Microsoft Windows were simply invulnerable to the WannaCry virus. Having an upgrade and maintenance cycle that makes sense is vital, and unsupported operating systems should be avoided at all costs.
Instead of putting upgrades off, having a plan for implementing future patches will safeguard against most attacks. When large companies fall victim to cyber attacks due to outdated software, and this fact is publicized, public confidence wavers.
We are past the era of the "simple backup"
Not only do backups need to be performed regularly, they need to be secure and easy to access. It’s important in the wake of an attack that businesses understand which data has been lost and which is recoverable. Having your security evaluated will point out which systems deserve the most frequent backups and where optimizations can be made.
Continuity planning is just as important as backing up data. All systems can fail, even mission critical ones. What’s key is having a plan for getting things running again. Documentation is key. You don’t want to be scrambling for ideas when employees are stressed and in a rush to get everything back online. Following a system outage, an up-to-date playbook will lead you out of the dark.
Ransomware is here to stay
WannaCry and Petya signaled to hackers and state-sponsored groups that the business world remains highly vulnerable to cyberattacks. Luckily, there are many solutions companies can turn to. Security specialists worldwide are working together more than ever before. It’s easy to forget that you're not alone in protecting yourself against cyber risk.
User computers and servers should be protected by multiple layers of security, ensuring that attackers and malicious software cannot move laterally. There will always be weak points. Being prepared, however, means never giving up looking for them.