Cyber Security: A Case-Study of WannaCry
What is WannaCry?
“It’s the name for a prolific hacking attack known as ‘ransomware’, that holds your computer hostage until you pay a ransom” – WannaCry ransomware: Everything you need to know, CNET
On 12 May 2017, WannaCry encrypted data on at least 75,000 computers in 99 countries, with European countries, including Russia, being the most affected. By 15 May, more than 200,000 computers in 150 countries had been affected. The victims include hospitals, banks, telecommunications companies, warehouses and many more.
Once a computer is infected with WannaCry, the program encrypts all the data on it. It then displays a screen demanding a ransom, payable in the virtual currency Bitcoin, to regain access. The ransom increases over time until the end of a countdown, at which point all the files are destroyed.
Several factors contributed to the wide spread of WannaCry. One of the biggest contributors is that a large number of computers either did not have Microsoft’s patch installed or ran versions of Windows for which there was no patch. Researchers had shown that an unpatched computer connected to the Internet could be infected in a matter of minutes. Another contributor is that vulnerable systems are highly concentrated, with some organisations having hundreds or thousands of unpatched computers deployed. Such organisations include government agencies, banks, hospitals, telecom providers, manufacturers and universities. For instance, WannaCry crippled Britain’s National Health Service and disrupted surgeries.
While it is easy for small organisations with a significant IT budget to apply a security patch immediately, large organisations with complex processes require much longer to upgrade their software and processes. For instance, the NHS in the UK still has key equipment, such as MRI scanners, running on the outdated XP programme, and it is extremely costly to update this hardware. This resulted in thousands of operations and appointments being cancelled. Computer security experts said it could take weeks for the NHS to unlock or replace the computer systems affected by WannaCry.
Rob Wainwright, director of Europol, believes that the recent failings in cyber defences had more to do with a lack of leadership in large organisations. Leaders in organisations have failed to recognise that, in order to deter cyber attacks and minimise their potential, they need to ensure that their operating systems are constantly updated and patched across all networks.
“It’s frustrating frankly, because in the health sector there have been multiple ransomware attacks, in the United States, in Europe, for the last two years, long before WannaCry came along, and so the lessons should have been heeded by now” – Rob Wainwright, Director, Europol, to BBC
Many large organisations either do not have enough IT staff or underestimate the potential of a cyberattack. Leaders need to recognise that there is no one-size-fits-all solution to cyber security. They should not rely on a single process to stop malware. There should be multiple methods that complement each other to detect and stop attacks.
Cyber Security for Non-Technical Personnel is a course that takes participants through a journey of hacking, vulnerabilities, data breaches, etc. Participants will examine the various ways in which hackers can potentially conduct cyber attacks on organisations and individuals. They will also be taught how to set up defences against attacks using the principles of Security Information and Event Management. All the knowledge obtained can then be applied to the operations and processes of their organisation. For more information, please visit us at http://www.opuskinetic.com/training or contact us at info@opuskinetic.com
Opus Kinetic believes that people are why organisations are successful, and giving people the knowledge to perform well at their job is integral for success. We pride ourselves as the premier provider of knowledge, offering acclaimed in-house training, leadership training courses, oil and gas training courses, courses that target health safety and environment, etc. Our training courses are well researched and updated with the latest industry trends. For more information on our professional training programs, you can visit us at http://www.opuskinetic.com/training.