Four Important Lessons from the WannaCry Ransomware Attacks
The recent WannaCry ransomware attacks put cyber security on the front page of every newspaper in the world. Now, everyone knows what ransomware is and how destructive it can be, but will anything change? Following are four critical lessons that both organizations and individuals should take away from WannaCry.
No Organization is “Too Small” or “Unimportant” to Be Hacked
Too many businesses still think that only national or multinational firms, or companies in certain industries, have to worry about cyber security. However, hackers do not discriminate, and neither did the WannaCry ransomware. WannaCry, which took advantage of vulnerabilities in old, unsupported versions of Windows, selected its victims by the operating system they were running, not by the size of their enterprise. While infections at large organizations like Renault, Telefonica, and the NHS grabbed the media’s attention, small businesses were hit as well. Often, small organizations are even more susceptible to hackers than multinationals, because small firms are more likely to be running wildly outdated operating systems or a “homemade” website that may or may not be secure.
Still not convinced that your small enterprise needs to take cyber security seriously? Consider the following: Over 40% of cyber attacks target small businesses, and the U.S. Securities and Exchange Commission reports that 60% of small firms will go out of business within six months of a data breach. There is no such thing as a business that hackers “don’t care about,” and the fallout from a hack can be catastrophic.
You Must Back Up Your Systems & Data
The best way to defend against an attack like the WannaCry ransomware is to take proactive steps to ensure it doesn’t happen in the first place. However, if an attack does occur – or if your computers are damaged in a fire or a natural disaster – a backup can mean the difference between reopening your doors immediately and your company being shuttered for days, weeks, even months. Because ransomware is often programmed to snake its way through an enterprise’s entire network, make sure that your backup drives are isolated from your main systems. Even better, partner with a secure cloud backup provider that is, at a minimum, compliant with AT-101 SOC 2.
Update, Update, Update
For all the havoc it wreaked on government entities and private-sector organizations, the WannaCry ransomware left nearly all home computers unscathed. This is because individuals, unlike organizations, are more likely to be running modern operating systems, and WannaCry took advantage of vulnerabilities in old versions of Windows, some of which Microsoft stopped supporting years ago. About 98% of victims were running Windows 7, which was first released in 2009. Yet none of these infections had to happen. Windows 7 is still supported by Microsoft, and the company issued a patch for the OS in March. Apparently, though, a lot of users never applied it. In some cases, this may have been due to a mysterious flaw in Windows 7 that causes some machines to spontaneously stop auto-updating.
In today’s threat environment, clinging to antiquated operating systems and software is downright dangerous, as is not regularly updating modern systems. Software and OS updates often contain important security patches addressing new and emerging threats.
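As an added example (not code from the original post), the following PowerShell script audits a single Windows host for the conditions this section describes: a Windows Update service that can no longer run, a long gap since the last successful automatic install, and a required security update that is missing. The KB list and the 30-day threshold are placeholders, since the post names neither.

```powershell
# Added example, not code from the original post: audit one Windows host for
# the two update failures the post describes, a stalled Automatic Updates
# mechanism and a missing security patch. Run in an elevated PowerShell session.
param(
    # Placeholder list: the post names no KB number. Substitute the security
    # updates your patch policy requires.
    [string[]] $RequiredKBs = @('KB0000000'),
    [int] $MaxDaysSinceInstall = 30   # assumed policy threshold, not from the post
)

$findings = @()

# 1. Can the Windows Update service run at all? (WMI works on older hosts too.)
$wu = Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv'"
if (-not $wu) {
    $findings += 'wuauserv: service not found'
} elseif ($wu.StartMode -eq 'Disabled') {
    $findings += 'wuauserv: start mode is Disabled, so auto-update cannot run'
}

# 2. When did Automatic Updates last succeed? Uses the Windows Update Agent
#    COM object (IAutomaticUpdates / IAutomaticUpdatesResults).
$au          = New-Object -ComObject 'Microsoft.Update.AutoUpdate'
$lastInstall = $au.Results.LastInstallationSuccessDate
$level       = $au.Settings.NotificationLevel   # 4 = install updates automatically
if (-not $lastInstall -or ((Get-Date) - $lastInstall).Days -gt $MaxDaysSinceInstall) {
    $findings += "auto-update: last successful install '$lastInstall' is older than $MaxDaysSinceInstall days"
}
if ($level -lt 4) {
    $findings += "auto-update: NotificationLevel $level relies on a person to download or install"
}

# 3. Are the required security updates actually present?
$installed = Get-HotFix | ForEach-Object { $_.HotFixID }
foreach ($kb in $RequiredKBs) {
    if ($installed -notcontains $kb) {
        $findings += "patch: $kb is not installed"
    }
}

# Report one line per finding; a fully patched, auto-updating host prints OK.
if ($findings.Count -eq 0) {
    Write-Output "OK: $env:COMPUTERNAME is auto-updating and has all required patches"
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it across a fleet with your remoting tool of choice and any host that prints a FINDING line is one the WannaCry scenario above would have caught out.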
You’re Probably Better off Outsourcing Your Cyber Security
Cyber security moves at the speed of technology, and technology is advancing at the speed of light. New threats are emerging daily, and just keeping up with it all is a full-time job. Most businesses simply don’t have the in-house expertise, time, or budget to handle all of their cyber security needs themselves. Outsourcing your cyber security, risk management, and compliance to an experienced, reputable firm such as Continuum GRC is cheaper and far safer than attempting to protect your systems on your own.
The cyber security experts at Continuum GRC have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting your organization from security breaches. Continuum GRC offers full-service and in-house risk assessment and risk management subscriptions, and we help companies all around the world sustain proactive cyber security programs.
Continuum GRC is proactive cyber security®. Call 1-888-896-6207 to discuss your organization’s cyber security needs and find out how we can help your organization protect its systems and ensure compliance with all applicable laws, frameworks, and standards.