At the time of writing, you’ll have read that the NHS is trying to get a handle on the malware believed to be Wanna Decryptor and that the same attack has already hit Telefonica and KPMG in Spain.
In the UK, the instant response at GP surgeries and NHS trusts has been to cut the power to IT systems and minimise the spread of the malware.
At some point, all organisations affected by malware will want to investigate the vector, e.g. how did it get in? An email? A USB drive? Whilst many people will be worrying about this now, that’s not the task at hand and certainly not the root cause.
Today’s news highlights what most organisations already know and are probably trying to avoid. This doesn’t only affect larger organisations like the NHS. Cyber-attacks like the ones that have happened today can hit a business of any size, and the results and aftermath can be devastating to all.
Many readers will know that the NHS, like other public sector organisations, doesn’t run on the same open Internet as Joe Public does. That said, it is a mistake to assume that isolating a network is adequate protection. You still need to consider a multi-layered approach to security, if for no other reason than deciding how to handle devices that leave your network and then come back in.
We can assume that parts of the monolithic IT systems in our healthcare service will be overworked and underpaid and definitely considered aging… like many of its frontline staff. The inherent risks that this carries should not be underestimated, and of course it makes those systems harder to protect, if they can be protected at all. For example, the MS17-010 patch that came out in March won’t offer any protection for devices running software such as Windows XP.
Rapid patching and visibility across networks are critical to business at any and all times. They are just good practice and should never be considered a burden on the IT function.
Sadly, it is perhaps only when things go wrong, as with cyber-attacks and in this case ransomware, that the importance of backups and recovery becomes apparent. Disaster Recovery strategies should be of board level standing, and having the ability to segment critical functions of your operations could limit the spread of problems as well as increase the speed of recovery. In short, it saves time, hassle and certainly money.
One thing that is critical to bear in mind is that security should not get in the way of people being able to do their job. That only leads to them operating outside of your security and carries unknown risks back to the organisation.
Unfortunately, this won’t be the final ransomware story of 2017 and may not be the worst (even though this is reported to have hit the US, China, Russia, Spain, Italy, Vietnam, Taiwan and others). And what does ‘the worst’ case look like? It probably depends on where you are standing.
If it hasn’t hit you yet, take my advice. Start at the beginning and get security in place before it does.