The unprecedented worldwide ransomware cyberattack that was carried out late last week is an important reminder that an effective cybersecurity program includes many vital components – including good patch management, data backup controls, security awareness training, anti-phishing campaigns, and a complete and updated incident response plan.
The WannaCry attack is reported to have been predominantly carried out through phishing emails asking unsuspecting end users to open a file. The tremendous impact of the attack caught organizations by surprise, and many were unprepared to thwart or effectively respond to the infections. Targeted end users simply clicked links to set off a vicious chain of events that resulted in organizations going offline, lost access to critical records, rerouted services, and clients unable to receive critical services.
The malware targeted a known Microsoft® vulnerability for which a patch became available in March in Microsoft Security Bulletin MS17-010. When the end-user victim initiated the malware installation on an unpatched machine, the victim’s data was encrypted and held for ransom by the attacker. Attackers asked for anonymous payment in bitcoin in exchange for releasing the files and returning system access to the end user. The malware also scanned devices connected to the internet for open services in order to launch the attack.
Beyond good patch management and data backup controls, the best way to impede an infection is to prevent malware exposure in the first place. The reported number one point of entry for malware in this attack, as in many previous attacks, was through end-user computers with access given by the end users themselves. As this attack shows, organizations that implement effective and ongoing security awareness training and anti-phishing campaigns are decisively at much lower risk of infection through these common and increasingly sophisticated attacks.
However, even with the best safeguards in place, it’s not possible to be 100 percent immune from every attack. Recognizing that becoming the target of a cyberattack is not a question of if, but when, an incident will occur, organizations need to be prepared to respond with a properly designed incident response plan. A complete and updated plan will help ensure organizations are prepared to respond.
Unfortunately, this threat is not new. Malware has existed for more than 20 years, has been using unpatched vulnerabilities to spread and propagate for many years, and has been holding computers and data hostage for more than 10 years. Organizations don’t need special protections. They simply need to use a layered security approach to protect themselves from all malware threats. Organizations should consider implementing the following tactics:
Focusing on the most recent threat can lead to a shortsighted approach to security. Instead, organizations need to use a layered security approach to provide the best protection possible for today and for tomorrow as well.
For comprehensive, in-depth cybersecurity guidance, contact us.
Microsoft is either a registered trademark or a trademark of Microsoft Corp. in the United States and/or other countries.
In accordance with applicable professional standards, some firm services may not be available to attest clients.
© 2017 Crowe Horwath LLP, an independent member of Crowe Horwath International.
As of June 1, 2016, the professionals of AbleBridge have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm. We continue our focus on Microsoft Dynamics® CRM (now Dynamics 365) sales and implementation as well as innovative add-on products.
The personnel of SDGblue have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm with a global risk consulting practice and offices around the world. This move provides SDGblue clients access to a broader range of products, services, and solutions, while expanding the Crowe cybersecurity risk management capabilities with a deeply specialized team.
Looking for the Client Login?
Access the SDGblue Client Portal
As of Oct. 30, 2017, the professionals of Rowbotham International have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm. We continue our focus on domestic and international tax and audit compliance services, as well as advisory services.