Blog: Simple security lessons learned from the WannaCry attack
Almost three weeks after the WannaCry ransomware outbreak, I would like to draw out some simple cybersecurity lessons we can all learn from. Not to point in the direction of “we told you so”, but to see what we have learned so far and how we can better prepare for the future.
Lesson number one: to patch or not to patch? That should never even be a question!
I posted a tweet on May 13th with exactly the same text, and added the hashtag “WannaCry” to it. The WannaCry attack again proved how important it is to patch your systems. Despite the fact that Microsoft had already released a patch to counter the WannaCry malware in March, the virus spread like wildfire among unpatched systems, infecting more than 50,000 computers in the first few hours. So, does your IT department say patching is too difficult or cannot be done? Get a new IT department!
Lesson number two: asset management is here to stay
How does an organization protect its assets if it doesn’t even know they exist in the first place? Well, it doesn’t. Or at least: the chances are that “forgotten” systems are poorly protected and probably not monitored. Therefore, your IT department should always manage its IT assets by keeping the Configuration Management Database accurate and up to date. And in case there is no IT asset inventory list at all, make sure to create one as soon as possible. All assets must be known to the IT department, because only then can it provide the security needed. This may shine a whole new light on “bring your own device” and IoT devices. If employees can plug their own (IoT) device into the corporate network, it may become harder for the IT department to manage and control the digital flock. On top of that, many IoT device manufacturers haven’t made security a top priority yet, making these internet-connected devices a relatively easy target for hackers, which poses an additional risk.
Lesson number three: from data protection to real world protection
As we saw with the WannaCry outbreak, it affected hospitals, factories, parking facilities and many more real-world services. This means that cybercrime does not only target or affect data, but can also impact real-world services. That is a frightening thought, especially after reading a security.com article published on May 23rd: the article says that patching of software that runs critical infrastructure, such as power plants, takes an average of 150 days. It’s safe to say that cyber attacks may harm the safety of people too.
Lesson number four: test business continuity plans
We have seen WannaCry interrupting businesses and public services. That must have cost serious income and, for some organizations, serious reputation as well. This makes it very clear that a business continuity plan must be present and executable. Protection of data and systems should also include availability and not only focus on confidentiality. Every organization should have a continuity plan available, and even more importantly: have that continuity plan tested at least once a year.
Cybercrime is serious business
It’s here, it’s real and it’s here to stay. Every organization should constantly be aware of possible cyberthreats lurking to breach security and to cause damage. We must learn from incidents that have occurred and we must always be prepared for new attacks. Not only to defend ourselves and our organizations, but also to help to preserve our precious, free and open internet.
Author: Geert-Jan Krol