How to Resist Future Attacks after WannaCry Ransomware

May 20, 2017 | 4:52 pm

Published by | Payal Gautam


The ransomware attack known as WannaCry first struck on Friday, May 12, 2017, and by the following Monday had reached more than 200,000 computer systems in 150 countries. Though we still don't know all the details, it's clear that some organizations were victimized far more severely than others. The news of this incident reinforces a view that we at PwC have promoted for some time: effective security against cyber-attacks has less to do with any particular technological factor and everything to do with proactive risk management in general.

Like all ransomware, WannaCry damages companies in two ways. First, it costs the organization to restore the documents that the algorithm has encrypted. Second, even if the ransom payment is small (and there's no assurance that future ransomers will limit theirs, as was the case with the WannaCry fee, to US$300 in bitcoin), the costs of recovery can be immense. Research conducted by PwC found that a majority of ransomware incidents resulted in hours of downtime or networks taken offline for up to a week. Furthermore, the attackers still retain any proprietary data they picked up. They can sell it or release it publicly, even after the targeted company has paid a ransom.

We expect there will be more attacks because the techniques and exploits used to distribute WannaCry were only recently leaked to the world, in April 2017 (allegedly from the National Security Agency, by an anonymous group called the Shadow Brokers). Similar documents (allegedly from the Central Intelligence Agency) were released by WikiLeaks in March 2017, and there will probably be more such leaks, not only in the U.S. and Europe, but in countries throughout the world. Every breach will empower independent actors with tools previously held by governments. Ransom, blackmail, monitoring, shutdown, and data manipulation are all more possible than they were only a few months ago.

All companies and organizations must now ask themselves the same question, whether they were damaged by WannaCry or not: How can we protect ourselves from similar attacks in the future? Here are five key factors that separate vulnerable companies from more resilient enterprises.

1. Robust digital hygiene.

The WannaCry event highlights the value of vigilant IT management: staying up to date with technical advances. Microsoft released its patch for the Windows vulnerability that WannaCry exploits in March 2017. Companies that promptly installed it were protected, while many of the hardest-hit companies were using out-of-date operating system software and even pirated software. Strong hygiene also involves rigorous backup practices. For example, don't just back up your company's data. Test the backups regularly. Secure them so they are independent of your other systems or networks. Otherwise, they will be corrupted as well.

2. The capability to identify intrusive behavior.

Human error continues to be the most prevalent way of gaining access to proprietary information. Employees often unwittingly expose data to a cyber threat actor through a fraudulent email or other socially engineered techniques, thereby giving hackers access to passcodes or other means of entry. Organizations with effective risk management techniques rarely release sensitive information to outsiders inadvertently. They are particularly protective of management accounts and other privileged information; they make it extremely difficult to obtain the sort of data that would allow someone to control a system. They are also attuned to detection, learning to recognize the keystroke behavior common to intruders and isolate it instantly. The one thing they share openly is the data about the intruders they detect: cooperation among security professionals from a variety of organizations is one of the better defenses against cybercrime activity.

3. Thoughtful design of IT infrastructure.

Every company has its most valuable information assets: crucial intellectual property, proprietary customer-related data, financial data, and other valuable insights. These must be protected differently from other information assets. Design your systems accordingly. Pay particular attention to your information supply chain: Which distributors, suppliers, and partners get access to your data, and what are they doing to secure it? Rethink your authentication and security settings; for example, introduce two-factor authentication, in which a password must be combined with biometrics, tokens, or some other authentication factor.

4. Advance planning and rehearsal.

In the same way that you have developed advance plans for floods, fires, and other emergencies, prepare for cyber-attacks before they occur. The plans should specify how you will respond if you have an attack, and who will be accountable for which aspect. (For example, who will head up the information chain that notifies customers if their credit card information is lost: the chief risk officer, the chief information security officer, or someone else?) To prepare for ransomware attacks, set up a decision matrix. Who will retrieve the information from a backup? Who will communicate with the information kidnappers? Under what last-resort circumstances (for example, a threat to life) might you be forced to pay the ransom? Think through all of this ahead of time and rehearse your responses. If a crisis does happen, you will already know what to do.

5. Early adoption of cloud technology.

Cloud-based systems are updated easily and automatically in one location, gather data in real time about attacks and infections, and incorporate built-in restrictions that separate software levels and block intrusive software from reaching fruition. This gives them an advantage over systems that rely on computers on the premises. It may also be relatively difficult for intruders to exploit gaps in the cloud-based architecture. For instance, in late April 2017, Google blocked a spear phishing attack (an attempted use of targeted email to get people to send compromising information); the cloud-based facets of Google's mail software enabled it to rapidly identify and isolate the intruding malware.

Of course, even if you have these five attributes in place, you cannot be complacent. The most effective companies have focused on developing their cybersecurity acumen. New ways of approaching your computer systems can become a way of life: protecting against breach; preparing for your response (including separating your backups from your network and from the rest of your activity); responding rapidly and effectively to intrusions when they occur; recovering, if necessary, with measures you have put in place ahead of time; and building resiliency. When these activities have become ingrained in your company, your prowess at managing cyber risks turns into a strategic asset. If you can do this, you can also master many of the other management challenges in our increasingly sophisticated business environment.