The speed and pervasiveness of the recent WannaCry ransomware attack took the business world by surprise. The extortion malware infected computer networks in more than 150 countries, leaping from Spain, the UK and Germany to Russia, India, China and the US as it spread around the world.
Within hours, hundreds of thousands of computers were displaying local-language versions of the same ransom note: your files have been encrypted, pay the ransom or lose everything.
Early victims included hospitals, banks, telecom firms and transport companies. Organizations in these industries can’t function without access to their digital data, which makes them attractive to cyber criminals. But they can have another vulnerability, too. Many will be burdened with old networked devices running out-of-date software that hasn’t been patched because of the complexity of the network and the difficulty of shutting down systems for updates.
So, what are companies to do? In the wake of cyberattacks such as WannaCry, it’s far too easy to be distracted by the drama of hard-drive encryption and demands for payment. Please remember, though, that payment does not guarantee that your files will be unlocked, and most security experts recommend that you don’t give in to a ransom demand.
The real lesson of WannaCry is that poor risk management leaves you vulnerable. And this boils down to vendors’ poor software security and businesses’ lack of proper prevention. Here are five things you can do to avoid falling prey to ransomware:
Back up your data: Maintaining recent backups of your data is essential. Companies that followed this fundamental best practice could safely ignore the WannaCry ransom demand and revert to stored files with little data loss – unless their backup strategy relied on a local storage device, that is. A multi-layered strategy that takes advantage of cloud backup and has a robust approach to redundancy is recommended.
Keep up with patches: WannaCry hit computers running older versions of Microsoft software that had not been updated, even though patches that fixed vulnerabilities were available. Patch management has been and will continue to be a challenge for many organizations and end-users. Simply keeping up with the latest patches for Windows, Mac and Linux operating systems and your third-party applications will go a long way to reducing your exposure to ransomware.
Check your security software: Be sure that you have security software installed and that it’s up-to-date. New malware surfaces every day, so keeping current with your anti-virus software helps keep your data safe. Given the complexity of today’s computing networks, with mobile, enterprise and cloud environments, and our fast-evolving threat landscape, third-party security expertise can be the best way to achieve active and ongoing cyber defense.
Educate staff to spot scams: WannaCry’s sneaky worm component helped it to spread by exploiting a weakness in a Windows file-sharing protocol, but it was the usual phishing emails and dodgy attachments that opened the door to it. Employee awareness is crucial in avoiding a ransomware attack. Staff should be coached on how to spot scams, and urged to take the time to pause and check emails that don’t look right.
Take the “Security First” approach: Weave security awareness and practice into your process from beginning to end. DevSecOps is a concept that emphasizes the importance of integrating security into all parts of IT system development and operations, rather than leaving them disconnected. While perfect security is not possible, concepts like this bring it closer.
In our era of random but persistent threats, such as ransomware, managing security is becoming more challenging by the day. By being proactive, getting the basics right and moving away from some of the more problematic platforms, you can certainly keep many of these threats at bay.
Article by Gene Tang, head of Solutions Architecture at Rackspace Asia.