Feeling Vulnerable? WannaCry?

May 14, 2017

“Proactive steps can be carried out to reduce vulnerability, aimed at negating negative business impact”

WannaCry ransomware was first reported on Friday the 12th May 2017. It quickly spread to more than 200,000 computers in over 150 countries and was headline news and continues to be topical in many discussions.

Hackers reportedly used classified information stolen from the National Security Agency to develop WannaCry ransomware that exploited a vulnerability in Microsoft Windows. The impact is huge, both economic and social, estimates are still being tabulated, but could run into the billions of dollars.

An important question raised is about the potential disruption of social and economic activities with increasing dependency on IT systems for daily operations. Irrespective whether one’s computer was infected by this ransomware or not, it is imperative to fix the identified vulnerability by applying software patches available from Microsoft. For computers that were infected, the first step was to stop any further spreading by isolating impacted computers, followed by restoration processes for the computers and data affected.

A key word that has emerged and should be highlighted is vulnerability. The attack vector in WannaCry was vulnerability in Microsoft Windows desktop computer software. Software from other providers too could be targeted for attacks if there are inherent vulnerabilities in their software or associated tools.

The question is: “How to minimize or eliminate vulnerabilities to avoid a potential attack and impact on business?”

In the case of WannaCry, the solution would have been to patch Windows software by applying updates from Microsoft before the vulnerability was exploited. Similarly, for any other software, regularly applying patches released by the providers reduces vulnerability.

But what if one had not applied the patch, the focus would be on the recovery process. Because of an increased dependency on technology, it is important to have an effective recovery process in place. Again, in the case of WannaCry, those that did not have recovery plans in place may have been forced to pay the ransom.

To minimise “vulnerability” below are 4 steps proactive steps that should be taken by every regular user of information technology:

-Deploy preventative measures: maintain software and use prevention and detection tools such as up-to-date antivirus software

-Build awareness through education and communication

-Continuity planning – for businesses, there has to be continuity planning against various risks that could impact the business – back-up procedures form a large part of this

-Monitor and check – regularly testing these proactive steps and updating risk registers is key

Depending on the criticality of the use of IT these proactive steps could be carried out in way commensurate with the risk either by internal IT organisations or by outsourced IT service management providers.

The challenge, and an important point for business leaders or business owners, is in determining the level of risk and the proactive measures that can be afforded and secondly, ensuring that those proactive and preventative measures are being undertaken as planned. Making addressing these challenges part of the overall organisation risk management process is a key step to avoiding surprises.

If you wish to find out more about how Accelerate Evolution can assist your organisation in building and managing effective cyber-defense mechanisms, please contact us on: information.technology@accelerateevolution.ae