You’d have to have been stranded on a desert island with no internet connection this weekend not to have read the breaking news that the biggest cyber-attack ever seen had taken place.
In the UK, the biggest impact was on our NHS, which ground to a halt on Friday afternoon amidst news that it had suffered an unprecedented ransomware attack.
As well as the sheer scale of the attack, two factors really make this stand out from other ransomware attacks:
- it actually made the headlines as breaking news
- we can all feel a personal impact that the NHS, OUR NHS, was under attack, and our data was being held to ransom. This made us angry. Who would attack the NHS, which is simply trying to save lives?
As such, there has been an enormous media backlash and much speculation about how and why this was able to happen. Whilst the detail is important so that we can understand what went wrong, it’s not going to turn back the clock, and I think that it is my duty to make the best use of your time by actually helping you not to become the next victim.
If you’ve ever attended one of our seminars, you may remember the reasons why I say a reliance on technology can present a risk, many of which were in play during the recent attack: malicious software, legacy systems, unpatched systems and human error. Unsurprisingly, the breach also echoes the reasons why we aren’t better at cyber security: it’s an IT thing, transfer of responsibility, investment, reliance on common sense, lack of regulatory pressure and… “It’ll never happen to me!”
Also, if you have ever seen me speak, you’ll know that I always preach that cyber security needs to be addressed from both the technical and human angle, and this is the same for fending off a ransomware attack.
My top tips for ensuring that you are protected against ransomware are as follows:
- ALWAYS ensure your systems are patched to the latest releases
- Do not rely on unsupported systems – whether machines, hardware or software
- Ensure your staff are trained about cyber risks and know how to spot phishing attempts
Of course, we are not infallible, and should a breach be successful, the best advice is to disconnect from the internet as soon as possible, unplugging your machine right away if you need to, and to inform your IT team as soon as possible. Speaking up can give your technical teams the vital minutes they need to stem the impact of the attack. DON’T bury your head in the sand.
It’s expected that we will see more attacks over the coming days and weeks. Beware, too, of copycat attacks that try to take advantage of the situation, such as emails pretending to be from the ICT team asking you to “click here” to resolve the problem.
For the evangelists in the industry I suppose there’s a slight case of schadenfreude. An attack this close to home may unfortunately be the wake-up call we needed to take a step back and look at our own businesses, our data, and ourselves, and ask what our own Cybergeddon might look like.