By Alan Daines, VP & Chief Information Security Officer, Dell.
The largest ransomware attack in history hit many organizations worldwide over the past few days. Known as the “WannaCry” worm, it encrypts the files on a computer and demands a $300 ransom payable in Bitcoin before unlocking it. Last year, according to the Department of Justice, 4,000 ransomware attacks happened daily in the US only. As of Friday, over 200,000 computers in 150 countries were hit by this one ransomware variant, according to Europol. Now that people are back to work again this week, organizations in Asia have reported that they are affected as well.
The most common types of data that are typically affected by ransomware attacks are employee, patient or customer information, as well as financial data. Attackers have also targeted infrastructure systems in the past. For example, in November 2016, hackers compromised and encrypted data from around 900 systems from San Francisco’s Municipal Transportation Agency. The key takeaway is that if your company’s data has value and you need it to run your business, then it’s vulnerable to attack.
One of the main reasons why ransomware attacks are successful is due to the number of employees who have data resting on their endpoint and the cyber-literacy of these employees. Last month, Dell released its end user security survey of 2,608 people who handle confidential data as part of their job. The results showed that more than 1 in 3 (36 percent) will frequently open emails from unknown senders at work, opening themselves and the organization to ransomware attacks.
How to protect?
So what can companies do to protect themselves? It is imperative that businesses take a multi-layered approach that address all facets of cybersecurity:
▪ Have robust security solutions in place to protect critical data and prevent threats from taking place. This includes advanced threat prevention to help stop the threats, data encryption so that even if someone obtains your data it can’t be used, and back-up and recovery solutions to get up and running again if a breach occurs.
▪ Educate employees about their role in security and encourage employees to think before they act. Employees should be wary of communications are either unsolicited, or that implore you to act immediately or ask for personal information. That urgent email from your bank asking you to click to verify your information may not be from your bank. When it doubt, don’t click on the link or open the attachment.
▪ Keep the security solutions that you do have in place updated and deploy all patches promptly. This attack occurred because of a vulnerability in Windows for which Microsoft released a patch back in March. While many organizations do not have security specialists on staff or limited budgets, every organization needs to prioritize software maintenance as well as the deployment of patches in order to reduce the areas of vulnerability.
▪ And lastly, have a back-up plan. In the event things go wrong, organizations must have robust data recovery solutions in place to be able to meet any application recovery time objectives set forth by the business. This could be the difference between companies that bounce back quickly in the event of catastrophe and those that don’t.
Dell has taken these steps and we are currently reviewing our internal systems, our products and our hosted services to make sure we protect ourselves and our customers from this attack. For those looking to understand how to protect themselves going forward, Dell Technologies have several security products available that can help.