23 May 2017

‘WannaCry’, the latest ransomware attack that struck worldwide, reinforces the need for proactive risk management among companies and governments.

“As we get more digital connected devices that have control over machinery, this could be a serious issue, for example for power stations, traffic lights and other critical infrastructure,” Mark Skilton, cybersecurity researcher and professor of practice in information systems at Warwick Business School, told Zawya in an email interview, highlighting some of the major risks of such attacks.

“Operational risks in hospitals can be fatal if patients are not managed and cared for with timely information. Banking and transport entities would have problems in customer management and loss of data records,” he added.

In this latest attack, the Windows XP weakness limited the impact. Even with 150 countries and more than 300,000 computers affected, it is still a small proportion of the worldwide PC market.

“The issue is that ransomware will likely become able to attack newer software versions and it’s a constant battle for vendors and governments to respond to this,” he added.

Global consultancy firm PwC expects that there will be more attacks because the exploits and techniques used in ‘WannaCry’ were only recently leaked, and similar documents were published by WikiLeaks in March 2017.

“Every breach will empower independent actors with tools heretofore held by governments. Ransom, blackmail, surveillance, shutdown, and data manipulation are all more feasible than they were only a few months ago,” said PwC’s Strategy& in a recent note.

The core issue is how the National Security Agency and other cyber weapons experts use and manage cyber weapons, Skilton said.

“Much like a high category biological weapons virus research centre, they should work in extremely high standards of access and protection as the viruses they work with have mass destruction capability and must never be public, similar to nuclear weapons and other lethal devices and assets,” he added.

PwC highlights five key factors for companies to build resilience against such cyber security threats:

1-Robust digital hygiene: Microsoft had released a patch for WannaCry’s Windows flaw in March this year. So the companies using the latest update were protected, while many of the attacked companies were using outdated operating system software.

2-The ability to detect intrusive behaviour: Companies with effective risk management practices are attuned to detecting behaviour common to intruders.

3-Thoughtful design of IT infrastructure: The systems need to be designed to protect information differently depending on how critical or valuable these assets are.

4-Advance planning and rehearsal: Organisations need to prepare a decision matrix in case they get hit by a ransomware attack, similar to advance plans in case of fires and other emergencies.

5-Early adoption of cloud technology: Cloud-based systems provide automatic updates in real time and accumulate data about intrusions.


© Express 2017