It started across a cluster of hospital systems in the UK. In just a few hours, it would spread to 150 countries and infect countless systems. WannaCry, the ransomware attack that hijacks computers and locks users out until they pay out hundreds of dollars to the attackers, began crippling computer systems worldwide on May 12 and has continued inflicting damage since then.
The stunningly large and effective attack, which has hijacked an estimated 300,000 systems to date, has been a warning “cry” to organizations: if you haven’t been hit, consider yourself fortunate – and ensure you are continuously taking steps to protect yourself, not just against this ransomware attack, but against the hundreds of thousands of different types of cyberattacks that strike companies throughout the globe, every single day.
Preventive Measures Could Have Stopped WannaCry in its Tracks
The assumption of “it won’t happen to us” – an all-too-common train of thought often used to justify cost savings and other short-term efficiencies – can trap an organization in a constant state of technological vulnerability. The truth is that, while the WannaCry attack was able to spread so expansively across the world, every organization hit by the worm could have prevented it with the proper preventive measures.
5 Steps toward Effective Cyber Attack Prevention
So what should organizations be doing to prevent or lessen the impact of these constantly evolving cyber threats? There are 5 key steps that they can take – right now.
Step 1: Demonstrate clear leadership. Strong leadership – both at the executive level within an organization’s IT department – is essential. This is how information security best practices are championed and where high-level, long-term commitments to vital resource allocation are solidified.
Step 2: Manage the technological lifecycle. In the case of the WannaCry ransomware, the cyber criminals constructed the exploit or vulnerability against Windows XP, an operating system that was termed “end of life” (EOL) in April 2014. Companies are given ample notice to upgrade such systems. In short, any proactive organization should incorporate these types of upgrades into its lifecycle management processes.
Step 3: Update software patches. In February, Microsoft identified a ransomware exploit within the Windows XP environment and subsequently released a critical security patch for the vulnerability in March 2017. Organizations that promptly applied this patch were protected against the ransomware. Those that didn’t took on unnecessary risk.
Step 4: Investing in training. Employees play a critical role in every organization’s information security management program. The WannaCry ransomware has been initiated, in most cases, by unsuspecting employees who were tricked by social engineering methods. Training employees to identify socially engineered attack methodologies and creating a culture of awareness can greatly help prevent these types of attacks.
Step 5: Develop plans for business continuity/disaster recovery. Backups are the key to recovery from any cyberattack. Depending on organizational practices, a backup of critical systems at least daily should be the minimum standard. Testing and validating the disaster recovery process is also key to ensuring procedural success.
Keeping Pace with Evolving Threats – and Keeping Your Organization’s Information Safe
There are no guaranteed protections against cyberattacks, and cyber criminals will continue to exploit weaknesses in human nature and technology to their own personal benefit. However, a proactive “defense in depth” approach assists in mitigating the damage of a successful attack. Time, money and personnel are finite resources, and all of them are critical factors in determining the extent to which companies work to secure their information. But it is safe to bet at any organization hit by the WannaCry ransomware wishes it had invested more to protect itself.