May 15, 2017 | Industry insights
Cyber crime can even affect our health
Ransomware is becoming a prolific problem that high-profile businesses need to take more seriously.
Last Friday, the NHS had what can only be described as a rude awakening, as they were on the receiving end of a rather nasty ransomware attack, WanaCrypt0r, or WannaCry as it’s also being referred to. They weren’t alone though, as this particular variant also affected multi-national organisations such as FedEx and Telefonica (O2), businesses that spend millions of pounds every year on their cyber security. It uses known exploits and vulnerabilities in Windows, specifically in the first iteration of Server Message Block (SMB), which, for most businesses, remains in use for backward compatibility. A system update and patch that rectifies this vulnerability was released back in March.
It brings into question the importance of patch management and the increased risk involved when operating with old and unsupported equipment. In December 2016, it was reported that nearly all the NHS trusts were running versions of Windows that had reached their ‘end of life’. In effect, they were no longer being supported by Microsoft and could no longer be considered ‘secure’. In fact, this accounted for approximately 90% of the NHS trusts’ systems. Any business that runs this many end of life machines on unsupported software would know that they are a ticking time bomb.
Throughout the weekend, the National Cyber Security Centre had teams of people working around the clock to get the NHS back up and running. Over this time, operations had to be cancelled, ambulances had to be diverted and patient information was unavailable. This specific attack comes only one day after the NHS were warned that they were at serious risk of this type of infiltration.
What could the NHS have done differently?
Firstly, it’s not been made clear if the NHS had a robust backup system in place. If they did, it doesn’t prevent ransomware from taking place, but it changes the outcome. With secure backups in place, you will (with the help of your IT department) be able to recreate your entire network. Without the ability to completely replicate your entire server image, you will be at the mercy of some unscrupulous individuals.
Secondly, running ‘end of life’ machines and unsupported software, although it may not have caused this particular incident, will almost certainly not have helped. If they had been running their network on well maintained and current systems and software, it’s likely they would also have had more robust IT security in place that, with the regular patches, would have helped them to remain safe.
The NHS should recover from this attack, if only because it’s in the interest of national security and it’s clear the government has been involved in ensuring their services and systems have been returned to normal operations.
But, what would have happened if this was your business and how would you have coped with this type of attack?
If you can take any lessons from this situation, there are two. Firstly, ensure you have a robust on and off-site backup system in place, following the 3-2-1 rule: three backups, two locations and one off-site. Secondly, conduct an audit of your patch management systems to ensure you have the most recent updates installed, especially the recent Windows update from March.