The recent WannaCry incident was the most significant cyber-attack in recent memory. Having initially infected systems across various NHS trusts in the UK, the ransomware spread quickly and ended up affecting 200,000 computers globally.
As soon as the news first broke on Friday, 12 May it seemed to take everyone by surprise —except those of us who work within cyber-security.
The unfortunate truth is that an attack of this scale was simply inevitable. Despite the fact that, according to UK government research, “just under half (46 percent) of all UK businesses identified at least one cyber-security breach or attack in the last 12 months”, there are still too many businesses working on IT systems that are outdated and extremely vulnerable to attack. Just as we've seen over the last few weeks, it takes a major cyber-attack for businesses to really sit up and pay attention to the issue that's staring them in the face, at which point it's too late for many to properly defend themselves.
It is also not surprising that, of all the potential targets for hackers to choose from, the NHS was at the top of their list. The hospitals and GP surgeries that suffered as a result are all home to troves of personal and confidential information that is extremely valuable to online criminals. Once the systems have been compromised and this data has been seized, it can be leaked online and used by others for malicious purposes.
The most important thing that all businesses can learn from this recent event is that the modern-day online environment requires a proactive approach to cyber-security. They must understand the different types of attack they are at risk of, and the ways that can effectively protect themselves against them.
Beware of malware
The recent WannaCry incident that made global news headlines was a particularly deadly form of ransomware, which highlights just how powerful malware attacks can be in certain situations or environments. Not only are they capable of denying users all access to their computers and systems, but they can also spread at alarming rates — something we were able to witness almost in real-time as the news unravelled on that fateful Friday.
Of course, malware is just one of many different forms of cyber-attack, and businesses should be aware of each one as well as the ways in which they can affect and spread across systems. There is no universal, tried-and-tested method for dealing with all cyber-attacks; a malware outbreak will require very different measures compared to phishing scams, for example.
However, there is one effective way of making sure your business is protected against all forms of cyber-attack, and that's by implementing the necessary defences to make sure they can't affect your system in the first place. To do this, many choose to work closely with a trusted IT provider that can offer cyber-vulnerability detection as a service.
On a broad level, cyber-vulnerability detection involves carrying out a thorough scan of your business' entire IT infrastructure and patching up any vulnerabilities that are found in the process. More technically speaking, your business and your chosen IT provider will look carefully at the vulnerabilities that are found and identify how each one could be used by hackers to gain unauthorised access to your system. Once this has been fully determined, the appropriate measures can be taken to fix each vulnerability and ensure that your system is as watertight as possible.
There are numerous reasons why cyber-vulnerability detection is so beneficial. Firstly, and most importantly, it mitigates the risks associated with various forms of cyber-attacks by fixing vulnerabilities that can often only be identified by IT security professionals. Secondly, it can save businesses a significant amount of money in the long-run — the cost of carrying out detection is far cheaper than the fall-out from a major cyber-attack. Last but not least, it helps to maintain the overall reputation of the business, while also future-proofing themselves against attacks as they continue to grow in their sophistication.
Cyber-attacks carry a significant amount of risk, and in light of recent events there has never been a better time for businesses start taking the issue seriously. While the threat is unlikely to dissipate any time soon, businesses have the power to shield themselves and to ensure they aren't the next name to be splashed across news headlines in the near future.
Contributed by Gavin Russell, CEO, Wavex
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.