Wannacry – What should you be doing?
May 31, 2017
Wannacry, the cyber-attack that crippled numerous organisations around the world recently, was a simple global attack on Microsoft Windows XP and similarly outdated operating systems.
Organisations that maintain such outdated systems – often because they have interfaced with other systems and are unable to update systems without substantial upheaval and cost or just simply through a lack of investment – are exposed to attacks as the vendors cease to support the system. Patches are no longer provided to update systems and it generally becomes known that they are vulnerable. Interestingly, Wannacry was spread by all versions of unpatched Microsoft operating systems but nearly all infections were on Windows 7 machines.
The attack had no effect whatsoever on Augentius’ systems. This was because:
(i) we use modern systems which are constantly patched
(ii) there is no external access to our systems i.e. no holes in our firewalls and
(iii) anti-virus protection is run across all systems and updated intra-day.
Augentius has a dedicated team managing our IT network around the clock and we run modern operating systems which are fully supported by Microsoft. In addition, our network is monitored for malicious traffic and our firewalls are regularly penetration tested against known threats by accredited external specialists.
For many, the Wannacry incident was a wake-up call. So, what should managers be doing, if they haven’t already?
- Review current systems, identify any old or unsupported systems and consider replacement
- Install all patches as quickly as possible
- Have anti-virus checks running across all systems at all times and ensure they are constantly maintained up to date – and are current
- Run penetration tests with certified external providers