6 Key Lessons Learned From WannaCry

Guest post by Tiffany Rowe

When the WannaCry ransomware attack quickly spread across hundreds of thousands of computers in more than 150 countries, it served as a wake-up call to many IT administrators who might not have understood the seriousness of the malware threat yet. Although the attack was relatively short lived, the lessons that we can take away from the incident are important and vital to any administrator who wants to prevent falling victim to a large-scale attack in the future.

1. Ransomware Is a Serious Concern

For many people, in the overall scheme of potentially devastating cyber attacks, ransomware is more of an annoyance than a serious threat. In fact, many individuals who have had their devices encrypted have been advised by law enforcement or security professionals to simply pay the ransom and move on, especially when the demand is relatively small.

However, WannaCry has many people changing their tune about ransomware and recognizing it as the threat that it is. For starters, there is never a guarantee that all files will be returned or that they won’t be corrupted during the encryption-decryption process. In addition, there’s no guarantee that the hackers aren’t copying or otherwise exposing files that they have encrypted, meaning that a ransomware attack must be treated like any other data breach. In other words, WannaCry served to underscore the fact that ransomware is much more than a minor annoyance, and needs to be treated as a serious threat.

2. Patches and Updates Are Important

Installing updates and patches has long been recommended as a means of protecting computers and networks against vulnerabilities that could lead to major security incidents. As WannaCry revealed, though, that doesn’t mean everyone is taking that advice. About 98 percent of the devices that were infected by WannaCry were Windows devices that were not updated with a patch released back in March. Machines that had been updated and patched were not affected by the ransomware. If nothing else, the WannaCry attack serves as a reminder to not ignore update notices and stay on top of patching – or face the consequences.

3. The IoT Remains at Risk

While the WannaCry attack was not directed at IoT devices like televisions, refrigerators, or medical equipment (and there is no evidence that any such device was infected), it did remind device developers that the IoT is vulnerable to future attacks. Many users don’t realize that their IoT devices are, at their essence, small computers and need to be protected as such. Unfortunately, compounding the problem is the fact that many device vendors haven’t yet made security a priority, meaning that most IoT devices don’t have password protection, can’t be updated (or updates aren’t sent out regularly), and can be easily tampered with or compromised by hackers. With the potential risks that a ransomware attack could create (imagine medical devices being shut down or compromised until a ransom is paid), WannaCry makes IoT security an even bigger priority.

4. Disaster and Recovery Planning Should Be a Priority

When was the last time that your organization’s disaster and a recovery plan was reviewed, tested, and updated? Many security experts believe that it’s not a question of if another attack will take place, but when it will occur. IT administrators must be aware of the risks and have a comprehensive plan in place to respond to such attacks and mitigate the damage. Don’t wait for news of a major security incident to prepare or review your plans.

5. Backups Are Vital

Backups are an important aspect of any disaster recovery plan, and even more so when it comes to ransomware. In the case of WannaCry, many victims restored access to their files using backups after disabling the ransomware. As hackers become more sophisticated, the possibility of such a relatively “easy” fix will diminish, but maintaining comprehensive, off-site backups will remain a vital part of recovery. Don’t leave your backups to chance; monitor them to ensure they are working correctly, and that you don’t end up with lost or partial backups.

6. Segmenting the Network Is a Priority

Finally, WannaCry also highlights the need for organizations to segment their networks. By splitting the network into smaller sub-networks, it becomes easier to contain outbreaks like WannaCry and other major attacks. Instead of the malware infecting the entire company, security teams can keep it contained, thereby limiting losses and the time required for a full recovery.

As ransomware attacks become more frequent, we’ll undoubtedly learn more about how to protect against them. In the meantime, take the lessons learned from this latest incident to heart, and boost your security presence now.

————

Tiffany is a leader in marketing authority, she prides herself in her ability to create and provide high-quality content that audiences find valuable.