Firstly to clarify, what happened to the people who have been impacted by the latest WannaCry Ransomware attack such as those having hospital appointments cancelled and suchlike is nothing short of a tragedy. I really do feel for the end users who have been impacted by this latest cyberattack that has spread so far and wide and has impacted people on a personal level. This rant below is not about the people who have been affected, this is about those organisations who quite simply have failed to protect their self against such threats due to poor security measures. Everything related to the latest WannaCry Ransomware attack is preventable.
Companies and organisations that have been impacted by the latest WannaCry Ransomware, I have one thing to say to you and that is that I honestly have no sympathy if you have been breached and have quite frankly failed to protect yourself. It’s the same situation whereby homeowners get burgled when they have left their front door unlocked and open, whereby car owners get their cars stolen in Winter when they have left the keys in the car running on the driveway for a chancer to take advantage of, whereby a car driver fails to wear their seatbelt, has an accident and injures their self. All of these things are preventable and most importantly, we all know what we should be doing in these situations so when the correct procedures and best practice aren’t followed, should we really have sympathy for those who have attacked by the latest WannaCry Ransomware?
Within 48 hours of being launched, WannaCry impacted over 200,000 computers in over 150 countries around the world. The WannaCry Ransomware was exploiting a known vulnerability in the Microsoft Windows operating system, a vulnerability that has been known about for at least 2 months publicly and much longer within the National Security Agency (NSA) which actually built a tool named EternalBlue which WannaCry is built upon.
This is a known vulnerability that organisations have simply failed to take seriously and act upon which is why I have no sympathy for those organisations impacted by the latest WannaCry Ransomware. The latest versions of Windows run automatic security updates and patches which means that as soon as vulnerabilities are known about, they are patched almost immediately and help to keep your company and organisation safe. In the situation with many of the NHS breaches, this comes down to computer systems and hospital hardware such as X-Ray Scanners running unsupported, vulnerable and unpatched versions of Windows XP. That’s right, an operating system that was launched in 2001, over 16 years ago, and has not been officially supported by Microsoft for over 3 years.
While organisations that have been impacted may indeed WannaCry while dealing with the fallout from this latest cybersecurity threat, personally I have no sympathy with those affected. Cybersecurity protection is a choice we all make. You choose either to protect yourself, or you choose not to. Clearly the right choice here is to protect yourself.
Have you been impacted by the latest WannaCry Ransomware? Then we can certainly help you resolve the issues your organisation is having and get you onto the right track to become a cybersecurity aware and secure organisation. Get in touch if you need help taking proactive measures to secure your business against cyberattacks.
You may have noticed, we take cybersecurity threats seriously which is why we ensure IT and web based systems are secure from cyberattacks. We help organisations like yours become a cyber aware and cyber secure organisation. We can only do so much ourselves, which is why we encourage organisations of all sizes to start investing in cybersecurity protection before you are the latest in a long line of statistics about the disruption and impact from cybercrime. If you don’t have the skills in-house to deal with issues like this, you need to be working with a company like ourselves to secure your business. You need to take the first step and reach out to IT security companies and ask them to help you to secure your systems. I write blog posts like this not to criticize and point fingers, but to raise awareness and encourage more businesses and organisations to become more cyber aware and secure.
We also sent out the email below to our mailing list who receive priority information on threats like this. If you aren’t subscribed yet, then make sure you fill out your email address in the footer.
WannaCry Ransomware and the NHS
As you will have likely seen on the news over the weekend there has been one of the largest Ransomware attacks in recent history which completely took offline the NHS, many local authorities throughout the UK and has now spread to over 150 countries around the world impacting over 10,000 organisations. As a business, you need to ensure you are protecting yourself against threats like this.
What is WannaCry and Ransomware?
WannaCry is the name of this specific piece of software that has been created by hackers which belongs to a group of cyber security threats known as Ransomware. Ransomware is when a piece of software holds your company to ransom by encrypting all of your data on your entire company systems (file systems, email systems, in-house servers etc.) and you can only gain access to this again by paying these hackers money for them to unlock your files. Money is often paid in cryptocurrencies such as Bitcoins as they are untraceable.
How to Protect Yourself Against Ransomware
Protection against threats like this is actually relatively straight forward. You must be taking proactive steps on a weekly basis to keep your IT systems up to date, patched and secure. Do not expect that either your IT person or your IT Support provider is handling this for you, you need to know exactly what processes are in place for these areas of protecting your business.
Secondly, staff training is extremely important to protecting your business from cyberattacks such as Ransomware. No matter how secure your IT systems are, if unaware staff open an attachment on an email or click on a link they believe to be genuine, this can bring down your entire company systems and stop work altogether. This in itself is not only costly in the form of not being able to work, it is even more costly to resolve situations like this after they have happened. Prevention and protection is always cheaper than the cure.
What to do Next?
As a business you should be investing in regular IT security support which helps to protect your systems from threats like this. This doesn’t have to break the bank either, the systems and technologies that are available today are a fraction of the cost they were 10 years ago which makes them affordable to businesses of all sizes. – Find out more
As a business you should be investing in regular staff training on cyber security threats to minimise the risk of one of your members of staff causing a damaging cybersecurity breach within your company based on lack of awareness. A workshop run at your premises or one of our group based sessions are prefect for companies of all sizes. – Find out more
We cannot stress this enough, when you are proactive dealing with cybersecurity threats, your organisation will be safer. Simply sticking your head in the sand and thinking that it will never happen to you has proven on many occasions to be a very bad decision and virtually always results in a cyberattack happening.
Michael Cropper