What do Renault, FedEx, Germany’s Deutsche Bahn, Telefonica in Spain and the NHS in the UK have in common?
They all fell victim to WannaCry last week.
It’s become apparent that infected computers had not been patched, or devices were too outdated to be patched.
SophosLabs has determined that WannaCry was a new type of ransomware that spread like a worm by leveraging known vulnerabilities.
A worm replicates itself on computers via a network connection, often infecting computers by exploiting bugs in legitimate software.
Individuals with even the most rudimentary knowledge of information security will know that software systems need to be frequently updated with necessary security updates, and that systems must be properly configured and updated with the latest software.
It’s also not rocket science that processes should be in place to continually monitor security threats.
So why do large organisations with heavyweight security teams fall victim to such attacks?
The answer is of course, unmanaged vulnerabilities. The success of WannaCry and other similar successful attacks (remember Heartbleed?) have all relied on failures on this front.
We’ve been warned that the likelihood of a repeat case rises considerably in the wake of successful attacks such as WannaCry, so, before the next copycat attack hits you off guard, we’ve compiled a few tips to ensure your business takes the necessary precautions.
Prepare for the next attack now:
- Stay on top of all patch releases and apply them quickly.
- Improve your patching policies.
- Replace older Windows systems with the latest versions.
- Schedule and test your backups frequently.
- Upgrade software before support ends.
- Build and test your incident response team.
- Keep yourself up-to-date with information on the latest security threats.
- Use Anti-Virus software at all times.
- Consider adopting an information security management system (ISMS) aligned to ISO 27001.
Get one solution for all your cyber security needs: Get ISO 27001.
ISO 27001 provides the basis for managing data security using an integrated set of policies, procedures and technology, tied together into an ISMS (information security management system). Find out how ISO 27001 can reduce your cyber risk by downloading your free guide here.
Be better prepared for a cyber attack with proven solutions delivered by the team who led the world’s first successful ISO 27001 implementation.
Source: Helpnet Security