The first waves of the WannaCry attack have subsided, but a tsunami may be ahead for consumers and companies who aren’t prepared for the next ransomware offensive. Eighty-six percent of IT professionals weren’t ready for the May attack despite the fact that Microsoft had released a security patch for the targeted vulnerability in March, a post-mortem analysis by enterprise automation provider 1E found. Half of IT teams took up to a week to detect and patch vulnerabilities, and another quarter took between a week and a month to get up to speed.
Those that fail to learn from history are doomed to repeat it, warned Winston Churchill. Here are some lessons to learn from WannaCry and what to look out for to guard yourself against future attacks.
The urgency of staying current on software updates is the biggest takeaway from the WannaCry attack. Those hit hardest were running outdated versions of Windows, with 98 percent of victims running Windows 7, Kaspersky Lab found. Only 6 percent of companies with 50,000 or more employees have completed their migration to Windows 10, and 64 percent do not anticipate completing their migration until the end of 2017, a Help Net Security survey found, illustrating how common the kind of outdated system WannaCry targeted still is. Seventy-one percent of those surveyed by 1E said that the WannaCry attack raised their company’s intent to stay up to date, but unfortunately companies aren’t turning their good intentions into action. Seventy-three percent of respondents reported that their management hasn’t provided any additional resources to bring systems up to date, and 87 percent haven’t accelerated their Windows 10 deployment.
Overcoming this institutional inertia is vital to guarding against attacks such as WannaCry. Organizations must resist the temptation to delay updates, and must instead instill a culture that insists upon installing operating system, app and antivirus updates as soon as they become available.
Staying current also means keeping up with other technology updates that can reduce the risk of attacks. For instance, 4G LTE networks are more secure than 3G and public Wi-Fi networks, with security safeguards such as mutual authentication, longer root key length and integrity protection.
Education and Automation Are Essential
Staying current depends heavily on educating end-users, says Nettitude Group principal security consultant Ben Rothke, echoing the advice of other security experts. Users should be trained in basic security practices such as installing updates immediately, setting apps and antivirus programs to update automatically, only installing apps from reliable sources, avoiding suspicious attachments and using strong passwords.
But even extensive training isn’t going to guard against every potential vulnerability. Some users will fail to follow protocol. Additionally, hackers are targeting an increasing range of vulnerable endpoints, including mobile devices, routers, printers and devices connected to the Internet of Things. This makes it essential to use automated tools to audit networks and to enforce update policies from a central location.
Have a Backup Plan
One disturbing trend emerging in the wake of WannaCry is the spread of attacks that use a similar method of operation to destroy systems rather than hold them for ransom. Follow-up attacks such as ExPetr and NotPetya resemble the WannaCry ransomware attack, but they are actually wiper attacks, leaving victims unable to decrypt data even if they pay the ransom. This indicates that the motivation for these attacks was cyberterrorist destruction rather than profit, pointing toward state sponsorship. Upcoming waves of attacks will target systems for destruction on a large scale, Cisco warned in its Midyear Cybersecurity Report.
Faced with this type of threat, the best way to protect yourself against a ransomware or cyberterrorist attack is to have an effective backup plan, says Rothke. Follow the 3-2-1 best practice of creating three copies of your important data, using at least two different media, with at least one copy stored in a location separate from your physical location, such as a cloud-based server. Scheduling automated, frequent cloud backups is one of the most efficient ways to put this guideline into practice.
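The 3-2-1 guideline above can be checked automatically against a backup inventory. The following is an added example, not from the article or from any backup product; the record fields, the site labels, the 24-hour freshness threshold standing in for "frequent", and the choice to count the working copy as one of the three are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BackupCopy:
    dataset: str      # what is being protected
    medium: str       # storage type, e.g. "disk", "tape", "cloud"
    site: str         # where this copy lives
    taken: datetime   # when this copy was last refreshed

def audit_321(copies, now, primary_site="hq", max_age=timedelta(hours=24)):
    """Return {dataset: [finding codes]}; an empty list means the rule is met."""
    groups = {}
    for c in copies:
        groups.setdefault(c.dataset, []).append(c)
    report = {}
    for name, group in sorted(groups.items()):
        findings = []
        if len(group) < 3:
            findings.append("COPIES<3")
        if len({c.medium for c in group}) < 2:
            findings.append("MEDIA<2")
        # A wiper that reaches the primary site leaves only the off-site copy,
        # so the age of the newest off-site copy is the real data-loss window.
        offsite = [c for c in group if c.site != primary_site]
        if not offsite:
            findings.append("NO_OFFSITE")
        elif now - max(c.taken for c in offsite) > max_age:
            findings.append("OFFSITE_STALE")
        report[name] = findings
    return report

# Constructed sample inventory (not real data).
NOW = datetime(2017, 8, 1, 12, 0)
def _c(ds, medium, site, hours_old):
    return BackupCopy(ds, medium, site, NOW - timedelta(hours=hours_old))
INVENTORY = [
    _c("finance", "disk", "hq", 0), _c("finance", "tape", "hq", 20),
    _c("finance", "cloud", "cloud-region-a", 3),
    _c("engineering", "disk", "hq", 0), _c("engineering", "disk", "hq", 6),
    _c("engineering", "disk", "hq", 12),
    _c("hr", "disk", "hq", 0), _c("hr", "cloud", "cloud-region-a", 120),
]

if __name__ == "__main__":
    for dataset, findings in audit_321(INVENTORY, NOW).items():
        print(dataset, "OK" if not findings else ", ".join(findings))
```

In the sample, "engineering" has three copies yet still fails, because all three sit on the same medium at the primary site.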