What Can We Learn From the Recent Ransomware Attack?
Last Friday, a devastating wave of ransomware known as #WannCrypt or #WannaCry spread to over 200 countries. In terms of a number of infections, the country that got hit the hardest was Russia. The United Kingdom, Spain and other countries saw damage to their National Health Service. Hospitals had to unplug their computers to stop the malware from spreading to important information.
The United States, even though affected mildly by this recent ransomware attack, should feel quite lucky compared to other countries. Why? The intentions behind these attacks and who they were targeting are still unknown. Choosing not to target many U.S systems for some reason we are not really sure. Another reason is that most users in the United States have the most recent Windows operating system, while other countries user is in previous versions. This seems like a win for the United States, right? No, on the contrary, we need to look at this as a warning stage for something more malicious in the near future.
What’s the biggest lesson learned from this attack?
It’s simple: the next major cyber attack might be just around the corner. Cybersecurity should not be politicized; government officials and business entities have everything to gain, in terms of public safety and promoting better cybersecurity. The recent ransomware attack has put a spotlight on cybersecurity and how important it is to strengthen our security.
Protecting all your data, systems, and networks from all forms of malicious activities are not going to happen. We have to realize what assets are most important for us to defend. Data auditing is an important step towards improving your cybersecurity. Which data is critical to your company? What data do you need to store? Which data should be accessible all the time and which data should just have limited access?
Cybersecurity teams should be held accountable to ensure compliance with the fundamental standards for information security. If the compliance is imperfect then the attacker probably already knows where the weakness is. It is also critical to maintaining resilience in the face of cyber attacks that target top priorities.
We all should have a strategic communication plan in our companies. Do not wait until you are in the midst of a cyber attack to brainstorm all the key points with your board, shareholders, and clients. Additionally, do some research on how companies have managed their communication strategies against another recent ransomware attack.
Our government officials can also help themselves by spending some time to educate themselves about cyber threats. Private and public sector executives have to develop some contacts, gather insights, and improve their instincts on cybersecurity to stay ahead of the curve. One way is having set products that could help you see attacks coming and organize them, in a way that helps you save time and money. One of such platforms is Security Orchestration Automation Response (SOAR) and its leader CyberSponse.
CyberSponse Inc., a global leader in cybersecurity automation and orchestration, helps accelerate an organization’s processes, security operations teams and incident responders. The CyberSponse platform enables organizations to seamlessly integrate, automate and playbook their security tool stack, enabling better, faster and more effective security operations. With a global presence, offering an enterprise platform, CyberSponse also enables organizations to secure their security operations teams and environments. For more information, visit our homepage.
For more on Incident Response and how to use playbooks in your organization please check out our other website: IncidentResponse.com.