It felt like the world was held to ransom. All over the globe, in an astounding 150 countries in fact, little red boxes popped up on computer screens, causing dread and havoc. ‘Ooops, your files have been encrypted!’ they read, asking for between $300 and $600 (£230 to £470) in bitcoin for the safe release of the files. On Friday May 12th 2017, nations of the world collectively gasped as they faced the most devastating and widespread cyber security incident of that time. Over 200,000 machines were affected, with the perpetrators collecting over $112,000.
In Britain, the NHS was hit the hardest. The little red WannaCry pop-up appeared at 1pm on the screens of only four trusts, demanding the ransom. By 4pm, when the ‘kill switch’ was accidentally found, it had spread to 16 trusts. The cyber-attack threat was officially ‘stepped down’ by NHS England a week later, but not before the number affected reached a staggering 80 out of 236 hospital trusts as well as 603 primary care and affiliate NHS organisations. Public health in the UK was seriously affected, since the ransomware attack resulted in thousands of cancelled appointments, infected systems and the diversion of A&E patients to other hospitals.
In hindsight, and with a little bit of digging, it was a disaster waiting to happen. The NHS had been warned as far back as 2014 that its level of cyber security just wouldn’t cut it. Given the failure to carry out the most basic IT security procedures, including patching and updating software, and the lack of a strategy for properly dealing with a cyber security incident, it’s a miracle that it didn’t happen sooner. But it was a huge wake-up call, not only to the NHS but to businesses globally. No longer can cyber security rest on the hopes of a flimsy firewall that hasn’t been updated in several years; this is a real risk, with significant consequences. So, in the year since WannaCry, what exactly have we learned?
It’s horrifying to think that WannaCry was a Gen-V cyber threat, while according to Check Point’s Cyber Security Generations Survey from March 2018, only 10% of IT security professionals are at Gen-IV and, worse still, only 3% are at Gen-V.
According to a recent report by cyber security firm Tanium, most organisations would still be unprepared should another incident like WannaCry happen. The results of the survey of 500 frontline IT security workers in the UK are shocking: 40% admit that their organisation is even more exposed than last year, and only 31% said that their organisation had invested in new security systems since WannaCry. As mentioned above, it was a failure of basic IT security procedures that opened the gateway for WannaCry, yet a staggering 66% of the IT security workers admitted that they still hadn’t improved their patch management process.
The results are definitive; it’s time to start safeguarding against further, potentially more devastating, cyber-attacks.
It’s all about the patching
WannaCry sneaked in through a known security weakness in Windows. Shockingly, the weakness had already been discovered, and a patch for the offending loophole had been available for two months before the attack. I know having to update is a major pain, but guys, it just needs to be done. WannaCry was ransomware for Microsoft Windows: software that locks files by encrypting them. It was particularly nasty because it was network enabled, which allowed it to spread like a virus not only throughout the local network, but across the internet as well. What your organisation needs right now is a patch management solution that patches known vulnerabilities as soon as fixes are released, so that no little malware buggers can infiltrate your systems.
Backup, backup again, and verify
Had your organisation been hit with the WannaCry malware and you’d had all of your data backed up, you’d have been laughing, for the most part. Whether or not encrypting malware ever hits you, backups are critical for disaster recovery and business continuity. Whether it be tape or cloud (like Cetus Continuum), all of your data needs to be replicated somewhere safe. Regardless of where you store it (and we really do suggest cloud), it should all be encrypted. Security is, after all of this, a priority.
Use all of the threat intelligence and prevention
If you haven’t heard, micro-segmentation is really in right now, which is great news for cyber security. Life may be like a box of chocolates, but your data centre needs to be more like a hotel and protect itself from east/west traffic. This next point is important: invest in some good threat intelligence and threat prevention. At the moment, we’re working with Check Point and VMware to highlight how merging Infinity and NSX can create the ideal security solution to protect you.
Figure out where you stand with a security posture review
There are hundreds of ways to fall foul of a cyber-attack in this day and age. With work no longer confined to the office, mobile workspaces have become all the rage, and for good reasons. Being able to work while in the field instead of having to wait to get back to the office, being able to work from home, or simply being able to sort out an urgent matter while on holiday is revolutionary. And everyone’s trying to get into it. However, using some random Wi-Fi is always a risk. Honestly, you’ve not lived until you’ve stood outside an O2 store trying to rob a second of Wi-Fi to send an email. In the rain. But how secure is that? A security posture review is essential to identify where your security has slipped. And it just so happens that we offer complimentary security posture reviews, where we analyse network traffic to detect a variety of security threats, evaluate end-point security, and assess any threats that lurk in your infrastructure, as well as other crucial little things. Have a chat with our experts to see where the danger can find a way in.
One thing is definite: cyber security has never been so important, and making sure that your IT reflects that is the way to protect yourself as much as possible from an attack. It’s important to be proactive in your cyber security, or you’ll be reacting to a security breach instead.