Hardly a day goes by without yet another cyber incident or issue being headline news, whether it’s the disclosure that OS vendors occasionally need to disable their AV products, new variants of malware propagating like wildfire or the latest revelations about nation states conducting cyber espionage. New stories are emerging at almost the same rate as new bitcoin exchanges, and more than anything this is a reflection of our new online world.
The news that a new strain of ransomware (most probably based on the Petya ransomware) has had a wide-scale effect on some fairly substantial organisations perhaps shouldn’t be a surprise, even if it still has the capacity to shock and, let’s be honest, scare us.
Ransomware attacks can have profound effects on the organisations that fall victim, along with the people those organisations work with or serve. Indeed, some of my recent engagements and conversations have brought into very sharp focus some of the long-term operational and life-changing personal impacts these attacks can have. It’s understandable, therefore, that there is often a media scramble as a picture begins to emerge to try and rationalise what’s happening. However, some of the chat and conjecture can be quite a distraction from the real need to ensure you don’t become a victim.
The observation that many of the initial victims were based in Ukraine, and speculation about whether this is the result of actions by organised crime, nation states, “pernicious students of hackery” or all of the above, perhaps shouldn’t be an immediate concern, because what difference does it make to what you, I or your supplier do next?
We will undoubtedly continue to learn from each event. Indeed the speculation that an update to accounting software MEDoc might have helped propagate the malware will force people to look more carefully at how their supply chains protect themselves.
However, while security researchers continue to search for the elusive kill switch for this ransomware, what matters most is what you do to prepare for, detect and respond to any such threat. Even though ransomware and malware will continue to evolve, becoming ever more sophisticated and wide-reaching, the longstanding guidance from the National Cyber Security Centre and others remains your best way to guard against the threat. Whatever any vendor says in the coming days about how their solution would’ve prevented WannaCry/Petya/GoldenEye, there are no silver bullets, and it’s only through a combination of technical, personal and procedural controls that you’ll lower your exposure.
If nothing else, make sure you keep your systems and software patched and your AV up to date, and ensure that your offline backups are being properly maintained. Moreover, take this opportunity to test your incident response procedures, identify who can help before, during and after, and determine how you could prevent the malware executing or spreading by locking down your devices, servers and networks. It might be a lot of work and not bring in the dollars, but it’s still easier and more cost-effective than trying to recover should the worst occur.
James Mulhern, Cyber Resilience Expert