As the media attention to the WannaCry attack quietens down, Wavestone’s cybersecurity team has analysed the attack and identified some key lessons that every organisation should learn from. WannaCry was a ransomware attack that impacted more than 200,000 devices in 150+ countries, including numerous NHS Trusts in the UK.

For cybersecurity professionals and decision makers, the WannaCry attack was yet another reminder that “cyber risks” are not just hypothetical “criticality scales” to be reported as Red/Amber/Green on a periodic basis. These are real risks that can and will occur if we don’t take them seriously, and they will impact our daily lives. On a practical level they could prevent us from getting a doctor’s appointment when we need one, or cause delays in operations or critical surgeries, as experienced in this attack.

Lessons from WannaCry ransomware attack

At Wavestone we have been working with various organisations to provide advice and on-going support to mitigate the risks of cyber attacks. Here is our summary of the lessons that can be learnt from this ransomware attack:

  1. For those impacted, this incident could have been avoided by following the same old [security] saying: “ensure you migrate your unsupported estate (e.g. Windows XP) and apply security patches”. This is basic security, which in this case was ignored or missed by quite a few organisations. This shows why these migrations, patches and updates need to be taken so seriously.
  2. In the short term, organisations may need to ensure that they are “safe” from this attack vector. There will likely be other malware variants exploiting the same vulnerability in the coming weeks, so it’s important to protect your organisation first from the known vulnerability. Please refer to our technical blog for detailed actions to take on that front.
  3. As new exploits and zero-day vulnerabilities are discovered, cyber and ransomware attacks will become more complex in nature and will continue to happen more frequently. Therefore, organisations should always be ready to respond to a cyber crisis, by preparing and practising “cyber war games” involving the full C-suite.
  4. In the mid-term, even for the most security-mature organisations, which are dealing with limited or constrained budgets, the key issue is assigning the correct priority to actions like “legacy migration” and “patch management”. We advocate that organisations should choose their battles wisely by assessing the risks and prioritising actions to mitigate the most critical risks first.

To address that issue, at Wavestone we believe that organisations should take a holistic, risk-based approach, prioritising the effort on their own “crown jewels”, i.e. their most critical systems. That may sound familiar and high-level, but it can set the right direction for cybersecurity plans by bringing clarity, focusing on the most critical issues first and prioritising them. We have developed a pragmatic and practical approach to this with our cyber risk assessment: assessing what is of value to you (and to hackers) and connecting the dots with the underlying people, processes or technology to act on. Had it been applied before the recent incident, you would have understood that losing the unsupported Windows XP estate would put critical parts of the business processes at risk, hence requiring an urgent action plan to mitigate that.
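The risk-based prioritisation described above, as a small worked example added here (it is not Wavestone’s own assessment tool or method): a constructed asset inventory is scored by whether each host runs an unsupported OS or is missing security patches, weighted by the criticality of the business process it supports, so that the migration and patching actions for the “crown jewels” come out first. The scoring weights, the asset fields and the inventory itself are assumptions.

```python
from dataclasses import dataclass

# Assumption: which OS versions count as unsupported; maintain from vendor lifecycle data.
UNSUPPORTED_OS = {"Windows XP"}


@dataclass
class Asset:
    name: str
    os: str
    patched: bool      # security patches current for this OS
    criticality: int   # 1 (low) .. 5 (supports a critical business process)
    exposed: bool      # reachable from less-trusted network zones


def assess(asset: Asset) -> dict:
    """Score one asset: likelihood factors x business criticality, plus the action to take."""
    if asset.os in UNSUPPORTED_OS:
        likelihood, action = 3, "migrate: unsupported OS, no security patches available"
    elif not asset.patched:
        likelihood, action = 2, "apply outstanding security patches"
    else:
        likelihood, action = 1, "no immediate action; keep patch cadence"
    if asset.exposed:
        likelihood += 1  # assumption: exposure raises likelihood by one step
    return {"asset": asset.name, "score": likelihood * asset.criticality, "action": action}


def prioritise(assets: list) -> list:
    """Order assets so the most critical risks are tackled first."""
    return sorted((assess(a) for a in assets), key=lambda r: r["score"], reverse=True)


# Constructed inventory for illustration only; not real hosts.
INVENTORY = [
    Asset("patient-scheduler", "Windows XP", False, 5, True),
    Asset("imaging-workstation", "Windows XP", False, 4, False),
    Asset("reception-pc", "Windows 10", False, 2, True),
    Asset("intranet-wiki", "Windows 10", True, 3, False),
]

if __name__ == "__main__":
    for row in prioritise(INVENTORY):
        print(f"{row['score']:>3}  {row['asset']:<20} {row['action']}")
```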

Conclusion

The risk of cyber attacks is always imminent, and an attack can strike at any time to bring any business to its knees, halting operations, incurring revenue losses, causing millions of pounds’ worth of financial damage and loss of brand reputation. These consequences are too heavy to be ignored or taken lightly. Find out how Wavestone’s Cybersecurity and Digital Trust team can help you identify and protect against the risks of cyber and ransomware attacks.