The top three actions to reduce the risk and impact of a WannaCry type Cyber Attack at a business
- Perform regular Staff Awareness specifically on spotting Phishing Emails
- Have a robust Patch Management Processes. Ensure all Microsoft Windows systems have Microsoft Critical Updates applied quickly - they are marked as critical for a reason!
- Have Anti-Virus running on all Microsoft Windows systems, with AV definitions kept up-to-date
There are further security risk-reducing steps like filtering web traffic, ensuring data is regularly backed up, security monitoring, and network segmentation, but the above three are the most simple and most effective in terms of prevention against this type of attack, especially within the SMB space where security budgets are limited. Expect further versions of the WannaCry ransomware.
The Reasons Behind this Advice
(1) The WannaCry ransomware infects an initial system via a phishing email, the user executes the malware within an attachment or through a weblink. The Microsoft security update will not stop the initial ransomware execution, (3) but updated Anti-Virus system now blocks the current strain of the malware from executing. (2) The Microsoft MS17-010 security update stops WannaCry from rapidly propagating (i.e. worm malware) from the initially infected system to other vulnerable Windows systems (without the MS17-010 update) attach to the local network.
For full details about WannaCry see my other blog posting -
No comments:
Post a Comment