The WannaCry ransomware infestation is a wake-up call for all entities connected to public networks, such as the internet, to recognise that cyber security is a necessity and not a nice-to-have. This extensive ransomware attack is non-targeted and global, so any computer system that’s accessible and lacking recent Microsoft patches will be completely vulnerable and could be infected right now.
Organisations only implement robust cyber security programs if mandated or legislated. Yet, maintaining a robust patch management and network segmentation policy would have almost completely mitigated the threat of this ransomware infection.
In order to reduce the risk of infection, we recommend the following 8 steps; organisations must:
- Patch or update all Microsoft software; lack of patching is the most common reason for being hacked (as we’ve seen with the current WannaCry ransomware).
- Use vendors’ response recommendations. Microsoft and major anti-virus vendors have provided detailed mitigation steps.
- Backup critical systems and ensure they’re not connected and online; the rotation of backups is also highly recommended.
- Ensure incident response plans and procedures are available, understood and encompass all aspects of the organisation such as legal and Public Relations considerations.
- Disable and/or block all Server Message Block (SMB) services and traffic.
- Monitor computer systems for peculiar behaviour such as network traffic spikes.
- Treat unusual incoming e-mails as suspicious.
- If a system is suspected of being infected, either remove it from the network (pull the network cable) or shut the system down.
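
One way to apply the monitoring step to Server Message Block (SMB) traffic, as an added example that is not from the original post: the Python below flags a host whose number of distinct SMB peers in a one-minute window jumps far above its own earlier baseline. The flow-record layout, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

def smb_fanout_spikes(flows, window=60, factor=5, floor=10):
    """Return [(window_start, src, peers, baseline)] for hosts whose count of
    distinct SMB destinations in a window is at least `floor` and at least
    `factor` times their own median over earlier (non-alerting) windows."""
    peers = defaultdict(set)  # (src, window_start) -> distinct SMB destinations
    for ts, src, dst, dport in flows:
        if dport in SMB_PORTS:
            peers[(src, ts - ts % window)].add(dst)

    history = defaultdict(list)  # src -> peer counts seen in earlier windows
    alerts = []
    for src, start in sorted(peers, key=lambda k: (k[1], k[0])):
        count = len(peers[(src, start)])
        # A host with no SMB history has baseline 0, so only `floor` applies.
        baseline = median(history[src]) if history[src] else 0
        if count >= max(floor, factor * baseline):
            alerts.append((start, src, count, baseline))
        else:
            history[src].append(count)  # only normal windows feed the baseline
    return alerts

def sample_flows():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    flows = []
    for minute in range(3):
        t = minute * 60
        # Ordinary workstation using the same two file servers every minute.
        flows += [(t + 1, "10.0.0.5", "10.0.1.10", 445),
                  (t + 2, "10.0.0.5", "10.0.1.11", 445)]
        # Busy web client: many destinations, but not SMB, so it is ignored.
        flows += [(t + 3, "10.0.0.7", f"203.0.113.{i}", 443) for i in range(30)]
    flows += [(5, "10.0.0.23", "10.0.1.10", 445),
              (65, "10.0.0.23", "10.0.1.10", 445)]
    # Third minute: 10.0.0.23 suddenly contacts 40 distinct hosts on TCP 445.
    flows += [(120 + i, "10.0.0.23", f"10.0.2.{i + 1}", 445) for i in range(40)]
    return flows

if __name__ == "__main__":
    for start, src, count, baseline in smb_fanout_spikes(sample_flows()):
        print(f"t={start}s {src}: {count} SMB peers (baseline {baseline})")
```

A host flagged this way is a candidate for the isolation step in the list above; in practice the thresholds need tuning against normal file-server and backup traffic.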
Foregenix has developed a Managed Threat Detection and Mitigation service, utilising our Serengeti solution, to help companies of all sizes mitigate their cyber security risks. If you would like advice or would like to enquire, contact us here or download the brochure.