Managing Your Company’s Cyber Risk – WannaCry and Tomorrow’s Emerging Threat

The Information Age has revolutionized global communication and presented more opportunities for the advancement of humanity than perhaps any other period in history. With the birth of the World Wide Web, breakthroughs in medicine can travel the world at the click of a button, entire business enterprises can be created from a hotel room, scientific discoveries can reach the masses in a matter of minutes. With the benefits come drawbacks, a significant one being an entirely new and ever-evolving form of criminal activity: Cyberwarfare. In direct proportion to an increasing reliance on technology, cyberattacks are a growing threat to society.

Recently, a massive cyberattack known as WannaCry or WannaCrypt was carried out worldwide, crippling government infrastructure in more than 150 countries, including Great Britain and Germany. Said to be the largest cyberattack ever recorded, hundreds of thousands of machines were infected with Ransomware, a virus in which hackers extorted users for Bitcoins to unencrypt their data.

Pat Byrne, Cyber Security Subject Matter Expert for Threat Tec commented on the hacking stating, “It was eye opening to see how many people and organizations were impacted by WannaCry. They were caught up in an attack on unpatched Windows systems. This wasn’t a zero-day attack. It was a vulnerability that Microsoft had issued a patch for in March that covered its latest operating systems. It didn’t include a patch for Windows XP until after the release of WannaCry because Windows XP has passed its end of life and Microsoft has ceased issuing patches for it, though they made an exception in this case and issued a patch for Windows XP.”

Byrne stressed the need to ensure that systems are up-to-date: “This shows the importance of configuration management, to include having vulnerability management in place that includes a plan on regularly updating applications and your operating systems. This attack was preventable, and should not have impacted organizations and more than 200,00 people.”

The ransom demanded about $300 per computer. Upon recommendation of noncompliance by authorities, many victims refused to pay. Nonetheless, even a small percentage of ransoms could amass a considerable profit for hackers.

Perhaps the most alarming aspect of the attack was the potential for lethal implications. In the UK some hospitals were forced to turn away sick patients and even delay medical operations. This made WannaCry the first known cyberattack in history in which human lives were at stake as a direct result.

Research shows that about 43 percent of cyberattacks target small businesses. While many small businesses are concerned about cyberattacks, only about 14 percent rate their ability to mitigate risks as highly effective and about 60 percent go out of business within six months of an attack. Many of these attacks are the result of something trivial. For example, printing from mobile devices. The functionality of this is great, but raises the question – are your networked printers secure? An increasing number of businesses are being hacked through the unsuspecting printer in the corner of the office. 

In this technological climate, it is paramount that organizations take proactive steps to safeguard against the ever-increasing possibility of an attack.

STEPS FOR PROTECTING AGAINST CYBER ATTACKS

1. Implement secure methods of communication

All organizations can benefit from establishing and safeguarding secure methods of communication. Insecure communication, resulting from unsecured channels such as email or direct mail, is the number one threat facing organizations. In order to reduce risk and maintain compliance with HIPPA regulations, it is critical to invest time and resources to ensure that information is closely protected. Cloud-based systems with multi-layered authentications can offer a high degree of protection while keeping information flowing between the proper channels.

One outmoded way of sending information might be actually be among the most secure: The fax machine.  When a document is sent by fax, it is converted to binary code, sent over the telephone and then reassembled on the other end. Hacking into a telephone system would require direct access to the telephone line and, even if the file was intercepted, it would be virtually impossible to read.  Whether the fax will make a comeback in the era of the Cloud is questionable, but its utility from a security standpoint highlights the need for companies to be creative and adaptable in their approach to securing information; perhaps a mix of cutting-edge and tried-and-true will provide the best solution.

2. Develop a sophisticated password strategy

Oftentimes, passwords are too simple. With access to fairly simple technologies, hackers can take encrypted passwords and crack them through the use of “brute forcing,” a process that involves overpowering the computer’s defenses through repetition.

You can create a better strategy by requiring employees to create passwords with combinations of symbols, uppercase and lowercase letters, and numbers. You should also update passwords regularly, at least once every four or five weeks.

3. Back up your data

A secure backup plan is a must. Many cybercriminals use a tactic called “cyber blackmail.” Much like what happened with WannaCry, cyber blackmail is when hackers seize valuable data and hold it hostage, requiring payment to return it. You can overcome this vulnerability by storing data in multiple locations and on different media. Specialized cloud-based backup services are an ideal way to secure large amounts of data.

4. Be aware of threats from company insiders.

Roughly 55 percent of cyberattacks are carried out by company insiders. Therefore, it is critical to strengthen company protocol. Increasing authorization requirements and closely monitoring employees with access to secured data can help prevent data leaks.

Bottom Line:

Don’t wait for a cyberattack to happen to you. Start developing your cybersecurity strategy now. If your business isn’t prepared for an attack, you could end up losing hundreds of thousands of dollars trying to recover. Mind the above tips and take action to develop a strategy that works for your business.