
Reduce the threat of ransomware cyber-attacks

Rachel Thomas

You will all be aware of the ransomware cyber-attack which started early on Friday 12 May and impacted IT systems in over 150 countries, including those of a large number of NHS Trusts. Many organisations have been dealing with the fall-out of this attack over the weekend.

Ransomware is a form of malware that encrypts its victims’ data and then demands a payment to decrypt it. The particular form of ransomware used in the current attack is known as ‘WannaCry’. It spreads by exploiting a vulnerability in the SMBv1 file-sharing service of Microsoft Windows, which allows it to move from one unpatched machine to another across a network without any action by the user.

Microsoft addressed this vulnerability in March with a security update (or patch). The organisations particularly exposed to WannaCry are therefore those running Windows systems that have not been patched since March. Organisations still running Windows XP are especially at risk: Microsoft no longer supports that operating system and so does not routinely issue patches for it.

So what can businesses do? The National Cyber Security Centre (NCSC) has recommended organisations urgently take the following actions, if they have not already:
  • Install the latest Microsoft security updates immediately, in particular MS17-010, released in March, which addresses the specific vulnerability that WannaCry exploits (note that Microsoft has now released an out-of-band patch for organisations that still use Windows XP).
  • Back up all data and keep the backup offline, disconnected from the network, so that a ransomware infection cannot reach and encrypt it as well.
  • Install, and keep up to date, antivirus software to reduce the risk of infection.
The full NCSC guidance on reducing the threat of ransomware, which we fully endorse, can be found on the NCSC website.
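As an added example for the patching action above (it is not part of the NCSC guidance or of this article), the following PowerShell script, run in an elevated session on a Windows host, reports whether one of the MS17-010 hotfixes is recorded as installed and whether the SMBv1 server protocol, the file-sharing service whose vulnerability MS17-010 fixes and which WannaCry uses to spread, is still enabled; it also shows how to switch SMBv1 off. The KB numbers are Microsoft’s published identifiers for the MS17-010 updates; the function names are this example’s own.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session on the host being checked. Function names are this example's own.

# MS17-010 update identifiers as published in Microsoft's March 2017 bulletin,
# plus KB4012598, the May 2017 out-of-band release for unsupported systems such
# as Windows XP. Confirm the list against the bulletin before relying on it.
$Ms17010Kbs = @(
    'KB4012598',                           # Windows XP / Server 2003 / Windows 8 (out-of-band)
    'KB4012212', 'KB4012215',              # Windows 7 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012213', 'KB4012216',              # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',              # Windows Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507 / 1511 / 1607 cumulative updates
)

function Test-Ms17010Installed {
    # Get-HotFix lists updates recorded by Windows Update / WUSA. Later cumulative
    # updates and rollups supersede these KBs, so "not found" means "investigate
    # with your patch-management tool", not "definitely unpatched"; a match means
    # the fix is present.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $found = @($installed | Where-Object { $Ms17010Kbs -contains $_ })
    [pscustomobject]@{
        Host     = $env:COMPUTERNAME
        Patched  = ($found.Count -gt 0)
        Hotfixes = ($found -join ', ')
    }
}

function Test-Smb1Enabled {
    # Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later.
    # On Windows 7 / Server 2008 R2 read the SMB1 DWORD under
    # HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters instead
    # (value absent or 1 = enabled, 0 = disabled).
    $cfg = Get-SmbServerConfiguration
    return [bool]$cfg.EnableSMB1Protocol
}

function Disable-Smb1Server {
    # Turn the SMBv1 server off on Windows 8 / Server 2012 and later. Clients that
    # only speak SMBv1 (Windows XP, some older printers and NAS devices) will lose
    # access to this host's shares, so check dependencies before running it.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

$patch = Test-Ms17010Installed
$patch | Format-List
if (Test-Smb1Enabled) {
    Write-Warning "SMBv1 server is enabled on $($patch.Host); run Disable-Smb1Server unless something still depends on it."
} else {
    Write-Output "SMBv1 server is disabled on $($patch.Host)."
}
```

Disabling SMBv1 is not a substitute for the patch, since a host that still has the vulnerable code can be attacked once the protocol is re-enabled, but it removes the service WannaCry uses to enter a machine and is worth doing on any system that does not need it, whatever its patch state.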

It is critical that, in addition to addressing the immediate recommendations of the NCSC, processes and governance around cyber security are reviewed and, where necessary, strengthened across your organisation. When it comes to making decisions about cyber risks, organisations should aim to establish clear standards for staff to follow, ensure transparency and facilitate communication across the business.

Our advice to senior leaders is as follows:
  • Work with your IT team to ensure that critical assets and services that must be protected from cyber-attack have been clearly identified;
  • Obtain assurance that IT policies and procedures, including those covering security, resilience, patching and back-ups, are in place and that they meet the recognised industry standards and are subject to regular review;
  • Facilitate organisation-wide communication in order to enhance security awareness across all staff;
  • Develop and test crisis and incident management capabilities; 
  • Understand the role that third-party service providers play in the delivery of IT services across your organisation. Following this, confirm that appropriate contractual and assurance arrangements are in place to provide assurance that they have implemented the appropriate security measures; and
  • Review your risk management activities in order to refresh and enhance your view of IT and cyber risks.

If you would like to discuss this with our specialist Cyber Security team, please contact us.