Many of the UK’s National Health Service (NHS) Trusts have been taken back to pen and paper after Friday’s much-publicized cyber-attack, which saw some IT systems infected with ransomware and others taken offline to prevent infection.
In this instance, there is currently no evidence that information was stolen as well as being encrypted. There are strains of ransomware which do steal a copy of the data and then encrypt it – leaving the victim with the double whammy of paying to decrypt the information and still having a data leak. In May 2018, the EU General Data Protection Regulation will be enforced, and the fines associated with a data loss are potentially huge – up to 4% of global turnover. Organizations need to be properly prepared to prevent attacks and data breaches from occurring before the regulation becomes obligatory.
Here are the top 5 things this latest attack has taught us:
- Ransomware is indiscriminate – it can (and does) impact organizations of all sizes and across all verticals. It doesn’t matter if you are perceived as being a ‘wealthy’ business or not.
- It’s no good thinking that “it won’t happen to me”. The warnings have been there; this is not the time for prevarication, it’s the time for action. Mitigation, clear-up and loss of business are considerably more expensive than investing in security before you have an attack.
- Keep systems up-to-date with patches for the operating system, applications and other security measures such as anti-virus and anti-spam. Old, out-of-date hardware and applications need to have a replacement program put in place and acted upon.
- Training and education, coupled with well-known policies and procedures, make all the difference. The NHS had policies and processes in place should a cyber-attack happen. These were put into action, and it has meant that in most cases services have been restored relatively quickly (it was also helped by a little luck from a researcher who found the ‘kill switch’ which stopped the infection spreading… but relying on luck is not a strategy for protection!).
- Protect your perimeter. The latest security technology enables organizations to stop attacks at the boundary, before they enter a network, by removing the source of an attack (active code) from documents and attachments shared into an organization via the web and email. For example, Clearswift’s structural sanitization feature can automatically remove active content embedded in email, attachments and web downloads, to prevent attacks from being executed by an accidental link click.
Ransomware has become an epidemic across the world; this latest attack isn’t the first and it certainly won’t be the last. Organizations need to learn from events in the press and start to update their policies, procedures and technology to mitigate these and future attacks – as well as to prepare for the introduction of new regulations.