10 Lessons We Can Learn from the WannaCry Outbreak

  1. Cyber threats are serious: When organizations like Renault, the UK’s National Health Service, and FedEx are hit, this should be a wake-up call to everyone.
  2. Take offline backups: Assume you might have to restore from scratch. Cloud drives and shared drives are great, because they’re well protected and always on. However, that means that your online cloud space could well be encrypted by malware and, what’s worse, if you don’t catch it in time, the copies on ALL of your devices could be compromised. Make sure you have an offline copy of your important data–that’s anything you wouldn’t like to lose–and, ideally, more than one copy. There’s no need to worry about shuffling tapes, CDs, or DVDs any more: Multi-terabyte USB drives are now fast, convenient, and affordable. Backing up has never been cheaper!
  3. If you have to use an obsolete system, perhaps to support a specific application, then make sure you keep it on a well-protected, isolated network. Security researchers nowadays are very unlikely to give an un-patched, un-firewalled machine any more than 15 minutes on an Internet connection before it gets compromised.
  4. Don’t be penny wise and dollar foolish: When it comes to the cost of upgrading obsolete systems and updating to new software, compare it not with the cost of doing nothing but rather with the potential cost to your business in terms of lost productivity and reputational damage when cleaning up after a ransomware attack.
  5. The only surprise is that it didn’t happen sooner. Despite years of harping on the same tune from IT security researchers and ample warning of end-of-life and end-of-support dates from software vendors, the number of exposed obsolete systems still out there (Windows XP users, that means you) beggars belief.
  6. Realize that the world is pretty much at a point where failing to keep your software patches up to date and to subscribe to a reputable anti-virus/anti-malware solution is like driving without your seat belt or safety helmet.
  7. The line between “inside” and “outside” your firewall is nowhere near as clear-cut as it used to be. WiFi, guest access, bring-your-own-device, email–there are lots of ways past your network perimeter. Consider multiple levels of trust with specific protection for key systems, applications, and data when designing or upgrading your networks.
  8. Don’t assume that “they” will protect you on a corporate system: Your organization’s IT staff will be working hard to protect your infrastructure, but good safety practices will help keep you (and your coworkers) better protected against external threats. Remember the ABCs:
    1. Accept nothing unless you’re sure what it is or where it came from (that includes clicking on links). A genuine sender won’t mind if you check with them; in fact, they’ll appreciate that you are mindful of your own and others’ online safety.
    2. Believe nobody, unless you’re sure that they are who they claim to be and that anything they’ve sent you or asked you to do is genuine. Social engineering–getting users to assist the attacker in compromising an organization or its systems–is a real and growing threat.
    3. Challenge everything. If in doubt, check. Better safe than sorry!
  9. Know what to do if you have a machine that is, or that you think might be, infected: If it helps, remember C3PO! “Cut power, change plugs, change passwords outright”:
    1. Cut the power: If malicious software is running on your machine, then the sooner you stop it, the better, and the more chance you have of any recovery attempt being successful.
    2. Change the plugs: Make sure the machine is disconnected from any networks, including wireless networks.
    3. Change all of your passwords outright, to prevent any compromised password from allowing someone to misuse your online accounts.
      Your suspect machine is now not getting any worse and can’t spread the infection to other devices or compromise other services, and your online accounts are safe with new passwords. (Don’t forget to check any cloud or network storage, though, and any other devices linked to that storage.) You can now start to repair or rebuild your machine. If you’re not confident doing this, get help.
  10. Don’t be complacent: Practice good online safety habits so that you don’t become a victim next time. The one thing that’s absolutely certain from all of this is that there is definitely going to be a next time.

About Gavin Martin

Information systems architect / technical design authority with over 20 years experience delivering small-scale through enterprise systems to commercial, finance and government customers.
