WannaCry Ransomware Hits Hard in 2019

If your organization was pummeled by the WannaCry virus last year, you’re not alone: nearly a quarter of all ransomware attacks were of that variety. And the damage it did was staggering.

That’s according to PreciseSecurity.com, which reported that WannaCry was the most common crypto ransomware attack of 2019, accounting for 23.56% of all such assaults globally.

The article also estimates that about 230,000 computers were attacked during the year, at a total cost of $4 billion. WannaCry targets Windows computers, which have been notoriously insecure for decades.

It’s Not Microsoft’s Fault

The sad fact, however, is that most of the fault doesn’t lie with Microsoft; Windows has been made much more secure with each new iteration, with Windows 10 its most bulletproof operating system yet. The issue is more about IT failing in its basic duty to secure its environment.

The PreciseSecurity article goes on to show that most of the compromises were due to factors other than Windows' inherent security, or lack thereof: the top cause of the breaches was spam and phishing emails, at 67%. In second place was a lack of cybersecurity training, at 36%. I would argue, however, that those are essentially the same thing—organizations are commonly lax when it comes to training users to spot potentially harmful email.

Coming in third place was another common security bugaboo: weak passwords, which were responsible for another 30% of attacks.

The More Things Change…

It’s interesting that so many of the same security issues keep cropping up year after year. The type of attacks may change, but the common denominator is that the vast majority of attacks could be stopped by simple measures. In the case of WannaCry, for instance, keeping Windows updated with the most recent patches would go a long way toward fixing this crisis.

Proper training of users is another key factor that too many companies ignore or treat superficially. Companies should train users in the basics of spotting suspicious email, yes, but users also should be trained in how to defeat social engineering, which remains a top threat.

In addition, users should be regularly retrained on the latest threats, with refreshers that reinforce what they’ve previously learned. Remember that the bad guys change their attacks—most users are educated enough these days to delete the offer from the Nigerian prince, but may fall for the fake overdue invoice that needs urgent attention.

Next, it’s important to keep up with security products and see what new stuff is coming out that may help. One of the most promising areas of late is microsegmentation, which has the ability to stop attacks that do penetrate your network defenses before they do massive damage. Have you been learning about microsegmentation? If not, it’s time to start.

The 3-2-1 Rule

Finally, the wise admin will make sure—100%, completely, totally sure—that precious organizational data is backed up, and that the backups are valid. Remember the 3-2-1 rule: have at least 3 copies of your data, with 2 backup copies on different storage media, with 1 of those backups located offsite. Never forget the wise words of security guru Trevor Pott: if your data doesn’t exist in at least two places, then it doesn’t exist.

The valid backup point should not be missed: stories of admins who needed a backup because of a compromise or disaster, only to discover that the backups themselves were compromised or garbage, are legion. Don’t let this be you.
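As an added illustration of the two points above (not code from the original post), the script below checks a set of backup copies against the 3-2-1 rule and only counts a copy once its contents verify against the primary data. The manifest format, media labels and sample data are constructed for the example; in practice the contents would be read from each medium rather than held inline.

```python
"""Check backup copies against the 3-2-1 rule, counting only copies that verify."""
import hashlib
from dataclasses import dataclass


@dataclass
class BackupCopy:
    label: str      # descriptive name of the copy (constructed)
    media: str      # storage medium label, e.g. "disk", "tape", "cloud" (constructed)
    offsite: bool   # True if the copy is held at another location
    data: bytes     # copy contents; in practice read back from the medium


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def check_3_2_1(primary: bytes, copies: list) -> dict:
    """Report how many verified copies exist, how many media they span,
    whether a verified copy is offsite, and which copies failed to verify."""
    expected = sha256_hex(primary)
    valid = [c for c in copies if sha256_hex(c.data) == expected]
    corrupt = [c.label for c in copies if sha256_hex(c.data) != expected]
    # A backup that does not match the data it claims to protect is not a backup,
    # so only verified copies count toward 3 copies / 2 media / 1 offsite.
    total_copies = 1 + len(valid)          # the primary plus each verified copy
    media = {c.media for c in valid}
    offsite = any(c.offsite for c in valid)
    return {
        "copies": total_copies,
        "media": len(media),
        "offsite": offsite,
        "corrupt": corrupt,
        "compliant": total_copies >= 3 and len(media) >= 2 and offsite,
    }


# Constructed sample: the only offsite copy has suffered silent corruption, so a
# manifest-only check would report compliance while the verified check does not.
PRIMARY = b"customer-db-2019-12-31"
SAMPLE_COPIES = [
    BackupCopy("nightly-disk", "disk", False, PRIMARY),
    BackupCopy("weekly-tape", "tape", True, PRIMARY[:-1] + b"?"),
    BackupCopy("cloud-sync", "cloud", False, PRIMARY),
]

if __name__ == "__main__":
    print(check_3_2_1(PRIMARY, SAMPLE_COPIES))
```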

So this is the best New Year’s Resolution of all: stay safe in 2020. You don’t WannaCry because of steps you could have taken to protect your organization and yourself.