Major Ransomware Incident Could Have Been Avoided if Only the Firm Listened to Their IT Provider’s Recommendations
November 3, 2017 2:46 pm
A major ransomware attack that took place in May this year could have been prevented if the appropriate security measures had been in place.
The WannaCry cyber-attack struck around 300,000 computers across 150 countries, wreaking havoc on thousands of businesses from hospitals in the US to universities in China to the UK’s National Health Service (NHS). The ransomware encrypted data on vulnerable computers, demanding ransoms of around $300 per computer.
However, a recent report into WannaCry and the NHS has found that none of the NHS trusts passed the required cyber-security standards before the attack, and that the organisation had not acted on critical warnings from their IT provider to patch or migrate away from vulnerable older software.
Former Chairman of IT provider NHS Digital, Kingsley Manning, attributed the rapid spread of the WannaCry ransomware throughout the NHS organisations to a failure to upgrade old computer systems at a local level, and a failure to keep up with cyber-security improvements. He also blamed “a lack of focus” and “a lack of taking it seriously”, labelling WannaCry as “an extremely unsophisticated attack” that could have been prevented with better disaster planning.
Working with an IT provider is vital to your business security, but if you’re not going to take their advice and recommendations on board, then you are putting yourself and your business directly at risk. At Cymax, we work proactively to ensure that every one of our clients is protected against security threats, but if you’re not implementing the safety measures and plans that we recommend, then keeping your business secure and protected is, quite frankly, simply impossible.
Keep Your Software Up to Date
Attackers commonly prey on older, outdated software that doesn’t have the appropriate security measures in place. Software upgrades and patches are released for the specific purpose of combating the most current security threats, and the importance of ensuring you are always using the most up-to-date software cannot be overstated.
You should always consult with your IT security partner when you are looking to make any changes to your business computers or software, and heed their advice – because it’s only in your best interests.
Stay Protected (Even if You Think You Have Nothing to Compromise)
We guarantee that even if you don’t think you have valuable data worth stealing or compromising, hackers can find a way to get to you. Whether it’s customer data or information on your bookings or appointments, hackers can find a way to monetise your information.
In the case of the NHS, while they were lucky that they didn’t lose financial data, they did suffer an interruption to their booking system and had thousands of medical appointments cancelled – including operations and urgent referrals for potential cancer patients. As you can imagine, the cost and time taken to recover from an issue like that are quite substantial – not to mention the impact on the patients themselves.
And once your organisation is compromised, you can then be used by hackers to compromise other systems via attack vectors sent to people who trust you, increasing the reach of the attack and taking down associates and related organisations in the process. Luckily, the attack on the NHS didn’t get this far, but it’s clear that there’s still a lot of work that needs to be done to improve their internal security and disaster planning.
When you consider the fact that this kind of ransomware attack could have been quite easily prevented by simply following the advice of their cyber-security experts well before it even happened, it makes this security breach all the more lamentable.
Be Prepared for Anything
Could you imagine your business being affected by a cyber-attack? What would the consequence be if your business was down or offline for 24 hours, or more? How could you manage being compromised in that way, and how would you communicate to your customers that yours was a secure, reliable company and one that they could trust to work with?
Security threats don’t just cause an inconvenience to your business. They send a message to your customers and clients that your business is unsecured, and that when transacting with your business, they might be compromised as well. People are very protective of their data and information – and rightly so. You need to present a strong, secure front to your users and customers so that they have confidence in working with you.
Modern businesses need to be prepared for potential cyber-attacks, now more than ever. The lack of planning by the NHS in the case of the WannaCry attack is a testament to that. If the organisation had applied security patches and acted upon the warnings sent out by NHS Digital when the issues were first brought to light, they could have managed a much faster and more effective response to a major cyber-security crisis.
Dealing with ransomware and other IT security threats is more about the management than the actual technology. If you don’t have an appropriate and up-to-date disaster plan in place, if there’s any part of your business that you think might be at risk or if there’s any software or hardware that you’ve got doubts about in terms of age or security, then you need to speak to a reputable IT security provider and get this sorted – now.
Don’t run the risk of having to recover from an attack. Be proactive, take on the advice and recommendations of your IT provider – because we do know what we’re talking about – and make sure your business is protected against any and all potential threats. Call Cymax today on 1300 790 690 or contact us online to turn your IT security around.