In May 2017, one of the largest cyberattacks in history brought to a halt more than 200,000 computers across the world, encrypting the stored data and demanding a ransom from the affected users. The name of the strain of ransomware behind this attack is WannaCry. Unlike other ransomware attacks, which typically spread through malicious online advertising and compromised software installation packages, WannaCry used a critical vulnerability in Windows computers, which allowed it to spread across organizations’ networks. As of last year (2020), WannaCry is still one of the most widely used types of ransomware attacks with North American MSPs reporting 49% of ransomware attacks being WannaCry.
What’s perhaps even more startling than the massive impact and rapid spread of WannaCry is the fact that it’s just one of 390,000 new malicious programs registered every single day. According to the British insurance company Lloyd’s, cyberattacks cost businesses as much as $400 billion a year. SafetyDetectives conducted a survey and found that approximately 46-54% of North American organizations said they had been impacted by a ransomware attack within the last year. They also predicted that the average cost of downtime due to a ransomware attack would be $283,800.
Given the bleak state of the current threat landscape, the question that everyone wants to know the answer to is simple: How can businesses stay on top of the latest cyber threats? We don’t need to look far to find answers to this question.
Patch Early, Patch Often
It would be easy to put the blame for the WannaCry ransomware outbreak on Microsoft, but that wouldn’t be fair at all. “A month prior [to the outbreak], on March 14, Microsoft had released a security update to patch this vulnerability and protect [its] customers. While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally. As a result, hospitals, businesses, governments, and computers at homes were affected,” explained Brad Smith, Microsoft’s president and chief legal officer.
According to the Department of Homeland Security, as many as 85 percent of targeted attacks are preventable through basic risk-mitigation measures, such as early patching. It’s understandable that system administrators try to minimize downtime as much as possible, but it’s important to realize that the downtime caused by patching is just a fraction of the potential downtime caused by cyber incidents. Early and frequent patching should be any business’s first line of defence.
Use a Reliable Cybersecurity Solution
According to Symantec, an American provider of security products and solutions, WannaCry first appeared on May 12, and the company was actively blocking over 80,000 exploit attempts of Windows computers by the ransomware per hour just a few hours after the outbreak started. Using a reliable cybersecurity solution, such as Palo Alto Networks, helps ensure your organization is leveraging best-in-class security technology to protect you from evolving threats. Discuss with your security team or your provider to see how they are staying on top of the threat evolution.
Advocate Sound Security Practices
“Employees are, unwittingly or not, one of the weakest links in an organization’s cyber security architecture and are often the source of data breaches. EY’s Global Information Security Survey 2015 discovered 44 percent of executives consider employees the greatest cyber security vulnerability in their organization,” states EY, one of the largest professional services firms in the world.
Given that 63 percent of data breaches involve default, weak or stolen passwords, it’s evident why businesses need to educate their employees and advocate sound cyber security practices and policies. Employees must know which emails can be safely opened and which should be avoided. They must understand the common causes of malware outbreaks as well as the extent of the damage they cause.
Any business can stay on top of the latest cyber threats by establishing a solid security foundation based on commonly advocated security practices, such as early patching and employee education. Just like these practices were applicable 10 years ago, they will surely be relevant 10 years from now.
Athena Cloud can help you stay protected in our ever-evolving threat landscape. Our fully-managed security platform leverages best-in-class technologies to ensure our clients are protected from both known and unknown threats. Our managed security offerings provide integrated Intrusion Prevention Services (IPS) as standard and deliver leading-class anti-malware protection and URL Filtering that can be configured to your company’s exact requirements. For more information contact us.