The latest WannaCry ransomware outbreak has shown us that cyber security isn’t some mystical beast that cannot be slain. It was more a demonstration of how lacking good cyber hygiene can come back to bite you in the butt.
Sure, we can lay blame on the NSA and US Government for hiding a vulnerability and exploit from a vendor for years, but that’s something that is out of our scope of control as business owners and decision makers. What is within our scope of control, however, is keeping our systems up-to-date and understanding our risks.
From what we know of WannaCry now, it spread differently than previous ransomware. Up to now, most ransomware has spread through phishing emails that socially engineer end users into spreading the malware for the attackers. WannaCry used a worm-like method to attack systems through a flaw in the service that allows Windows users to share files over a network (SMB). Researchers are still reviewing forensic data to determine the full story, however.
In this case, three cyber hygiene actions could have prevented the widespread outbreak: patching, secure configuration, and life-cycle management.
Microsoft released security bulletin MS17-010 on March 14th with a rating of critical. The WannaCry outbreak started on May 12th. That is almost 2 months after the release of the patch. Even the slowest patch cycle is around 1 month. Most systems, however, should be patched automatically.
Your computer systems should be configured in a secure manner to start. Many configuration items are set by default by the vendor to reduce the number of calls back to their help desk. Unfortunately, these settings also open the software up to vulnerabilities and weakened protections. In the case of WannaCry, an older version of the file sharing protocol (SMB version 1) was still allowed by Windows even though it should be long deprecated. Microsoft has a habit of doing this for backwards compatibility just in case you need to connect that old Windows 95 machine with your brand new Windows 2016 server (no, this is not okay). Disabling SMB version 1 would have also reduced the spread of WannaCry. Additionally, any Internet-facing systems should have SMB blocked completely. There is no reason to share resources like that over the open Internet. This is purely an internal network function.
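To make those two configuration checks concrete, here is a PowerShell audit script added as an illustration (it is not from the original article or from Microsoft). It assumes an elevated session on Windows 8 / Server 2012 or later; the `-Remediate` switch and the firewall rule name are hypothetical names chosen for this example.

```powershell
# Added example: report (and optionally fix) SMBv1 and Internet-exposed SMB.
[CmdletBinding()]
param(
    [switch]$Remediate   # hypothetical switch: apply fixes instead of only reporting
)

$findings = @()

# 1. Is the file-sharing service still willing to speak SMB version 1?
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    $findings += 'SMBv1 is enabled on the SMB server'
    if ($Remediate) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
}

# 2. Is the SMBv1 optional feature still installed? (Client editions; on Windows
#    Server the equivalent role feature is FS-SMB1 under Get-WindowsFeature.)
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
if ($feature -and $feature.State -eq 'Enabled') {
    $findings += 'SMB1Protocol Windows feature is installed'
    if ($Remediate) {
        # A reboot is required to finish removal; -NoRestart leaves timing to you.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

# 3. Does any enabled inbound allow rule expose TCP 445 on the Public profile?
$exposed = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.Profile -match 'Public|Any' } |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '445'
    }
if ($exposed) {
    $findings += "Inbound TCP 445 allowed on Public profile by: $($exposed.DisplayName -join '; ')"
    if ($Remediate) {
        # Block rules take precedence over allow rules in Windows Firewall.
        New-NetFirewallRule -DisplayName 'Block inbound SMB (Public)' `
            -Direction Inbound -Protocol TCP -LocalPort 445 `
            -Profile Public -Action Block | Out-Null
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No SMBv1 or Internet-exposed SMB findings on this host.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it without `-Remediate` first to see what it would change, and remember that a host firewall rule does not replace blocking port 445 at the network perimeter.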
Finally, life-cycle management would have greatly reduced the spread of this ransomware variant. Microsoft released an emergency patch for Windows XP and Windows 2003. Both of these operating systems have terminated normal and even extended support. The only reason Microsoft even had patches was because some larger companies are paying Microsoft big bucks to help them migrate to newer platforms. All businesses should plan for a 3-year system lifecycle. This will assist you in all aspects of upgrading hardware, operating systems, and end-user software. The most important aspect of this planning is the budget. Many companies don’t upgrade because they don’t plan the expenses. Just like you wouldn’t drink milk from 15 years ago, you shouldn’t use an operating system that old either.
Granted, much of this is hindsight from a particular malware outbreak. However, there are many other actions you can take to reduce the risk that you’ll be infected next time. This is the truth of cyber security. There is no one thing or silver bullet that will solve the problem. Just like keeping your body healthy, your car running, or your home in good repair, it’s a process.
What will you do to protect your business?
Contact us today for a free and confidential consultation.