Information security lessons to learn from WannaCry, the ransomware attack

Pablo Marco (CIO SFAI Risk & IT) Pablo Fudim (CTO SFAI)

WannaCry has been one of the most widely reported cyberattacks of recent times. It is surprising to see how the news of a computer virus attack, a relatively common event in the cybersecurity world, has headlined so many news programs. The reason is its scope: it was the most complex and widespread attack of the last year, affecting a large number of companies, including some leading ones, in more than 150 countries.

This massive cyberattack belongs to the category of malware known as ransomware, which can be thought of as data hijacking: the cybercriminals' modus operandi consists of spreading files that infect computers and make their sensitive data inaccessible, then demanding the payment of a ransom for the release of that information.

This type of virus is currently one of the most common and most effective. In addition, after last week's attack, everything seems to indicate that the vulnerability that facilitated its execution will give rise to similar new attacks in the coming months.

But even though WannaCry has been a very complicated challenge, it is important to know that situations like this one are the daily work of many cybersecurity experts, and that they are likely to form an important part of the risk analysis phase of a company's security management strategy.

Regardless of the size of our company, our data must be protected against threats of this kind, and we must know how to act: in prevention, in identification and, in case we are affected, in recovery. The following is a series of basic measures that any company should keep in mind to protect itself against new forms of mass attack:

- Updating systems with the latest patches: the best way to prevent attacks is to keep up with the updates released by system vendors, as they fix the vulnerabilities that attackers often exploit to create new threats and viruses. Our computer experts should be aware of the latest updates and apply them properly. In the case of WannaCry, Microsoft has already released patches to protect its systems.

- Train employees and inform them of basic security measures: employee awareness is a key aspect of security management, as employees are the weakest link in the chain and the focus of many threats. It is important to design training based on clear and direct messages, emphasizing the dangerous actions that users usually carry out. As an example, employees should be aware of the importance of not downloading or executing suspicious files whenever the sender's trustworthiness is in doubt, and of a simple action such as disabling the execution of macros in Microsoft Office files when they are not necessary, as both are usual ways of infection.

- But if we do get infected, the most effective way to solve the problem is through proper backup management: backup management is key to recovering our information after external attacks and other incidents. Therefore, defining the best periodicity for the copies and being prepared for their recovery (for example, by testing restores regularly) are two ways to prepare for any problem.


- And above all of the above, the most important message is that in the case of a ransomware infection, paying the ransom is the worst possible solution, even if, out of desperation or ignorance, some fall into this error. Paying cybercriminals can attract more attacks of this type, and there is no guarantee that the problem will be solved.

At present, maintaining correct management of computer security is the best tool for facing risks of this type and avoiding collateral damage. Two ways to achieve this objective are creating the role of a chief information security officer (CISO), in charge of data protection and dedicated to developing an IT risk management system, and carrying out periodic audits to evaluate the IT environment with the help of expert IT auditors.

These solutions can lead any company to a situation of maturity in the management of the most valuable asset: the information.