This article is sponsored by Commvault
In May 2017 the now notorious WannaCry ransomware cryptoworm made headlines around the world. More than 200,000 systems across 150 countries are estimated to have been affected and, at time of writing, the attack has yielded the criminals 50.4 bitcoins in ransom, approximately USD 115,000 depending on the current market value of bitcoin. Whilst this is a far smaller total amount than initially feared, it does not reflect the far greater cost caused by disruption to organisations worldwide.
The disruption caused to organisations such as the UK’s National Health Service, which was unable to access its clinical systems and had to revert to pen and paper, brings to light the importance companies must place on protecting their data, which serves as the heartbeat of every organisation.
Now as the dust settles, it is the ideal time to examine the strategic shortcomings that led to WannaCry’s high profile spread and impact. Whilst the swiftly released patch certainly helped protect systems, and later a killswitch was accidentally discovered which neutered the cryptoworm, these are just tactical responses to one specific attack. Instead it is important to focus on the strategic causes and solutions, so that organisations will have a better chance of preventing similar incidents in the future and help minimise disruption.
Examining the Response to WannaCry
Following the outbreak, IT security organisations worldwide issued warnings to companies and users about the threat. As the news spread, IT security leaders scrambled to patch their vulnerable systems and contain the infection where possible. Then, as often happens following high-profile cybersecurity incidents, IT departments sent out warning emails to employees to beware of suspicious links, emails and attachments.
There are several problems here.
Working backwards, let’s start with the “security awareness raising” aspect of the response.
In short, simple email reminders to employees are an insufficient response. By their very nature, ransomware attacks will always try to disguise themselves as legitimate emails, links or attachments and inevitably, users will get duped.
Now that’s not to say that IT security awareness raising is pointless; it definitely has an effect and it’s worth doing given that, as everybody knows, users are the weakest link. However, this effort must be made regularly, as part of a strategic approach, rather than just as an ad hoc response to a specific incident.
Keep in mind though, WannaCry was not primarily spread via email attachments as originally reported. This might be a surprise to some readers because most people associate ransomware with dubious links and naïve users. On the contrary, according to malware analysis experts Malware Labs: