The global malware attack that affected more than 200,000 organisations in 150 countries has brought cyber crime to the top of the risk news agenda
Wanna Decryptor, also known as WannaCry, started taking over people’s computers on 12 May 2017, demanding payments of US$300 to restore access to the files it encrypted. It threatened to delete files within seven days if no payment was made, and threw the UK's National Health Service into chaos.
While it is difficult to prevent determined, well-resourced hackers from launching a technical attack on a network, the truth is that most ransomware attacks generally rely on an interaction with our own users, says Mike Gillespie, IIRSM's Cyber Security Expert and Director of security consultancy Advent IM.
“Cyber attackers usually need to download the malicious software onto a computer, phone or other connected device, including – in the case of the NHS – such things as medical imaging devices and laboratory analysers to name a few, combined with many organisations failing to apply appropriate system and security patches. This combination effectively presents a much more vulnerable environment to the potential attackers, yet without organisations fully understanding the inherent risk.”
The most common ways of installing malware – malicious software – which includes the ever-growing family of ransomware, are through compromised emails and websites. For example, hackers could send an employee a phishing email that looks like it comes from their boss asking them to open a link – but it actually links to a malicious website that surreptitiously downloads the malware onto their computer.
The WannaCry ransomware appears to have used a flaw in Microsoft's software, discovered by the National Security Agency and leaked by hackers, to spread rapidly across networks, locking away files. While the exact means of delivering the payload is not yet known, WannaCry is especially interesting for the manner in which it spread, acting more like a worm than most other ransomware does.
A security expert managed to stop the attack by triggering a kill switch about 24 hours later but it continued to wreak havoc, with a second variant being released hot on the heels of the original one.
“All organisations need to become much more familiar with threat and vulnerability, two key components of risk,” adds Mike. “There is a growing need to fully understand the increased connectivity of everything, the convergence of physical and cyber threat and the significant vulnerability that under-aware staff can introduce. Cyber security is no longer in its own silo, but rather it is all-pervasive and affects almost everything we touch and interact with.”
It is time for organisations to realise that the threat is holistic, and so too must be the defence, Mike concludes.
Risk-reducing tips from IIRSM's cyber security expert:
- Educate all staff ... this includes senior management. Education should be targeted, pertinent, interesting, ongoing and effective.
- Make information asset ownership an integral part of all senior management roles.
- Protect especially sensitive information assets as identified by Information Asset Officers more rigorously, using a range of blended technical defences including network access controls, protective monitoring and regularly updated anti-malware software.
- Implement an effective and risk based backup strategy to ensure that all vital information assets can be recovered in the event of a compromise. This should be an integral part of your business continuity, resilience and forensic readiness planning.
- Never, ever pay a ransom.