Lessons Learned from WannaCry Exploit

As you probably are well aware by now, the WannaCry cybersecurity attack that happened last month caused quite a stir. Yes, another well-coordinated ransomware attack led to global cyber chaos.

As WannaCry demonstrated, the cost of ransomware goes far beyond the fee that’s demanded to get back your files. It brings down businesses and even threatens lives. The attacks against the UK's National Health Service put hospital operations at a standstill and threatened the health of many patients.

This is a painful lesson for many and a reminder that security should be a top priority for every organization, large or small. Here are six takeaways from the WannaCry exploit:

1.  Tighten patch management processes

Patch, patch, patch, patch. It's the number one thing that security experts enforce and the recent attack shows us why.

WannaCry didn’t come out of nowhere – it exploited a known Microsoft vulnerability for which a fix was offered up two months ago.

Yes, the process of applying patches can be complex and tedious, but IT teams must not be complacent. It’s particularly important to patch endpoints, such as PCs and mobile devices, because that’s where 85 percent of ransomware infections originate.

IT teams now have access to endpoint tools to deploy patches consistently, reliably and automatically across a broad range of operating systems. Network administrators must have tight processes for installing patches and software updates in a timely fashion.

2.  Stay current with software updates

WannaCry was able to spread as quickly as it did because of the countless systems worldwide running on unsupported or unpatched operating systems. One way to protect yourself is to have the latest version of the operating system and make sure you have auto-update turned on so that you get all the security patches or fixes automatically.

And despite fair warning about the end-of-life for Windows XP and the security risks associated with its continued use, this out-of-date and unsupported operating system is still widely deployed internationally.

Many organizations struggle to update legacy systems for fear of causing disruptions during updates. Many medical devices are built on top of old Windows operating systems that are notoriously difficult to update due to government regulations. It's why WannaCry had such a significant impact on healthcare organizations.

3.  Unknown assets can lead to destruction

It's nearly impossible to patch systems or devices that an organization doesn't know exist. Keeping track of all devices and assets that connect to your network is incredibly important. In larger organizations it's easy to lose track, and because these devices go unmonitored, they can provide an easy way in and out. To defend yourself, you need to know what attackers see when they’re looking at your business from outside the firewall.

4. Multi-layer protection & well-maintained data backup lighten the blow

Multi-layered protection will not guarantee attack prevention, but it will slow down intruders. Done properly, a layered approach to security will buy you time — the time you need to respond effectively to any attack and prevent or at the very least minimize damage from a potential breach.

Having a backup of all your data files won’t protect you against being infected by malware either, but it will greatly limit the damage from any attack that deletes or encrypts your data.

5.  Network segmentation can reduce risk

This scenario is a perfect example of how compensating controls, like network segmentation, should have kicked in for a lot of organizations.

Completely disconnecting a machine from the Internet typically renders it of little use. But network connectivity can and should be limited as much as possible with unpatched machines.

Segmentation requires careful network architecture, especially in a complex environment where configurations of firewalls, routers and other devices are continually changing. Rigorous network verification methods can help ensure that the intended segmentation is continually realized.
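One way to check that a firewall rule set still matches the intended segmentation is sketched below. This is an added example, not code from the original article; the zone names, address ranges, ports and rules are constructed sample values, and the first-match rule model is an assumption.

```python
import ipaddress

# Constructed sample zones; "legacy" holds machines that cannot be patched.
ZONES = {
    "legacy": ipaddress.ip_network("10.0.30.0/24"),
    "office": ipaddress.ip_network("10.0.10.0/24"),
    "servers": ipaddress.ip_network("10.0.20.0/24"),
}

# Intended segmentation: the only flows allowed to cross zone boundaries.
INTENT = {("office", "servers", 443), ("legacy", "servers", 443)}

# Constructed rules, first match wins: (action, src, dst, port or None for any).
RULES = [
    ("allow", "10.0.10.0/24", "10.0.20.0/24", 443),
    ("allow", "10.0.30.0/24", "10.0.20.0/24", 443),
    ("allow", "10.0.0.0/16", "10.0.0.0/16", 445),  # broad rule added later
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

def decide(rules, src_zone, dst_zone, port):
    """First-match decision for zone-to-zone traffic: (action, rule_index)."""
    # Conservative: an overlapping allow counts as allowing the flow; a deny
    # ends the search only if it covers both zones entirely.
    for i, (action, src, dst, rport) in enumerate(rules):
        if rport is not None and rport != port:
            continue
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if action == "allow" and s.overlaps(src_zone) and d.overlaps(dst_zone):
            return "allow", i
        if action == "deny" and src_zone.subnet_of(s) and dst_zone.subnet_of(d):
            return "deny", i
    return "deny", None  # implicit default deny

def violations(rules, zones, intent, ports):
    """List cross-zone flows the rules allow but the intent does not."""
    found = []
    for a, b, port in ((a, b, p) for a in zones for b in zones for p in ports):
        if a == b or (a, b, port) in intent:
            continue
        action, idx = decide(rules, zones[a], zones[b], port)
        if action == "allow":
            found.append((a, b, port, idx))
    return found

if __name__ == "__main__":
    for src, dst, port, idx in violations(RULES, ZONES, INTENT, [443, 445]):
        print(f"{src} -> {dst} port {port} allowed by rule {idx}: {RULES[idx]}")
```

Run against each configuration change, a check like this reports the rule responsible when a later edit reopens a path between segments.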

6.  Educate your end users

Most malware and ransomware threats arrive via email, either as attached files or as links to websites that host malware or seek personal information that can be used to compromise you or steal your data or money.

The conversation must not only be about securing devices, but also about enforcing proper behavior through education. And it’s not just IT and accounting departments that need to be diligent — all employees need to know about the evolving threats, the security practices in place, and the risks they impose on the business by not following protocol.

At IT Solutions we take the proper steps - including those mentioned above - to keep your data safe. If you’re an ITS client and would like to set up a security best practices overview for your users, contact your VCIO today. We’re happy to come onsite and provide a lunch-and-learn session for your staff. If you’re considering additional protection, check out our advanced security plans, which include features such as routine phishing training and testing to identify which users are most vulnerable to an attack.

Unsure if your managed service provider is doing everything they can to keep your business protected? Contact us today to set up a network security assessment and formal evaluation. For more information about the ways IT Solutions can help protect your business from both inside and outside threats, visit http://www.itsolutions-inc.com/solutions/.

© 2020 IT Solutions Consulting, Inc. All rights reserved.