The pandemonium caused by the WannaCry cyber attack was sadly all too predictable.
WannaCry has the hallmarks of an amateur heist as opposed to the actions of a state actor or a sophisticated crime gang. The presence of a kill switch coded into the malware suggests a lack of resolve not usually associated with the organised crime gangs, state sponsored and politically focused privateers or state actors. The attack was not targeted. The estimated return from the attack barely topped $100,000 - higher league players generally play for higher stakes.
So, the chaos was the result of a relatively unsophisticated attack. But what lessons should be learned from it?
Lesson One - Microsoft was aware of the vulnerability in its XP operating system and had issued a security patch in March this year. Had the patch been installed WannaCry would not have gained access to the relevant systems. Review your anti-malware software and ensure it is up to date and kept up to date and don’t delay on the installation of patches.
Lesson Two - The impact of a ransomware attack can be mitigated if you have backed up key information and files. If you can purge your system of malware and then readily access your backed up data the time taken to restore operations can be materially reduced. So, review and improve your policy for the secure backing up of data.
Lesson Three - The FTSE 350 Survey of May last year indicated only 10% of the responding companies having formal cyber training for staff and only 24% having any cyber specific policy. The Survey has suggested that up to 80% of the cyber incidents declared in the responses could have been avoided by having basic cyber resilience measures in place. Do the basics. Implementing measures to meet the Government's Cyber Essentials scheme will achieve the baseline of improved cyber resilience and the cost and effort of doing so is low.
Lesson Four - Do something soon. According to a survey run by Barkly in December 2016, 52% of organizations that suffered successful cyber-attacks in 2016 were not intending to make any changes to their security in 2017. Surely the old adage of once bitten twice shy been ignored continues to be sensible?