Preventing Another Wannacry

Uploaded on 2018-05-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

It’s been a year since the WannaCry ransomware variant crippled the UK’s National Health Service (NHS), but that was just the tip of the iceberg, the attack is said to have hit more than 300,000 computers in 150 nations.

Those who orchestrated the chaos weren’t targeting the NHS per se; rather, the healthcare service became victims of the ‘unsophisticated’ attack due to its lack of ‘basic IT security’. With surgeries cancelled, ambulances diverted and countless appointments postponed, a lot of damage was done, with a lot more unsubstantiated damage on top of it.

All of this could’ve been easily prevented had the NHS followed simple cybersecurity measures, it’s not beyond the realms of possibility that a single consultation with an ethical hacker could have exposed the vulnerability before it spread far and wide.

The Healthcare Risks
With stretched budgets, IT teams are too often short on the resource required to conduct manual patching. So, it doesn’t take long for hardware to become increasingly outdated, software to become increasingly unstable and IT training to be left by the wayside. The result is an environment where basic security practices are being forgotten.

It’s not just healthcare that is experiencing this, but it is the sector where the consequences are most life threatening. 
This lack of IT security awareness is in stark contrast with the number of technological advances we’ve witnessed in healthcare in recent years. For instance, there’s been a gradual increase in the number of connected medical devices being used.

Internet of Things-enabled trackers are making patient care easier for patients and doctors alike. However, they’re also making life easier for hackers with more entry points to exploit. Added to that, there’s been a recent trend for medical practitioners to share patient data via channels such as a Facebook, WhatsApp and even Snapchat channels that can be compromised by hackers with the right techniques. 

This is worrying news for a sector that handles some of our most private information. The price of a breach is high for medical practitioners. In fact, it’s one of the highest because of the sector’s highly regulated nature.

Figures from Ponemon Institute’s 2017 Cost of Data Breach Study ranks healthcare as the top industry when it comes to the cost of data breach per capita. Whereas the global average per capita cost of a data breach is $141, this figure rises to $380 for healthcare firms.

Prevention is Better than Cure
It’s a no-brainer that prevention is better than cure. It costs more to recover from a hack than to proactively prevent it from happening. This is both from a financial standpoint (where stolen medical records can be held at ransom) and a productivity point of view - it’s much more stressful to recover from a hack than to work at maintaining security on a day-to-day basis.  
Businesses should take a holistic approach to limiting their exposure and vulnerabilities in terms of network security. This includes ensuring all operating systems and virus definitions are kept up to date.

WannaCry made use of the EternalBlue exploit, which Microsoft patched on March 14th 2017. Note the time difference between the patch and the attack. All IT administrators want to make sure their machines are being updated, be it manually or automatically, with little delay.

The bigger challenge is that the process of patching has barely changed since 1995, meaning there can be extensive downtime for large organisations with complex networks. This leads to patching not taking place as quickly or as often as it should.

The solution lies in the industry and vendors looking at alternative methods which kill off bad processes and patch in an ongoing synchronous manner rather the current a-synchronic process involving a download to allow the patch to run and reboot machines.

It’s also important to have in place effective disaster recovery techniques such as keeping critical data backed up in a separate location, segregating data and the principle of least privilege. WannaCry operated by scrambling computer data and demanding payment of $300-$600 to restore access. If you have your data backed up, there’ll be no need for you to pay up.
WannaCry was a self-replicating virus, meaning it managed to quickly spread itself across connected computers. Storing backups in an isolated location would’ve prevented backup data from being encrypted as well. 

Next-Steps
The issue of cybersecurity goes beyond healthcare. According to the Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2018, around 43% of UK businesses have experienced a cybersecurity breach in the past 12 months. 

A one-size approach will not suit all. Security processes must match the nature of your organisation. There is a need to expect the unexpected, as no one knows when the next attack will be. But you can be prepared as vulnerabilities are published regularly and WannaCry was a known problem for several months. 

This underlines the need to stay updated, be proactive with IT security and continue to learn from mistakes. It’s not a fail-safe strategy, but it is your best bet in deferring unwanted hackers. 

Infosecurity Magazine

You Might Also Read:

British Healthcare System Spends £150m Extra On Cybersecurity:

Re-Thinking The Threat Of Ransomware:

 

« An Iranian Hacker Confesses
Insurers Are Not Ready For IoT »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Frazer-Nash Consultancy

Frazer-Nash Consultancy

Frazer-Nash is a leading engineering, systems and technology company. Areas of expertise include information security and cyber security.

Industrial Cyber-Physical Systems Center (iCyPhy)

Industrial Cyber-Physical Systems Center (iCyPhy)

The goal of iCyPhy is to conduct pre-competitive research on architectures and design, modeling, and analysis techniques for cyber-physical systems.

Securely

Securely

Securely Ltd. is an IT consulting and services firm specializing in PKI solutions and products.

ANSI National Accreditation Board (ANAB)

ANSI National Accreditation Board (ANAB)

ANAB is the largest accreditation body in North America. The directory of members provides details of organisations offering certification services for cybersecurity related standards.

GMV

GMV

GMV is a technological business group offering solutions, services and products in diverse sectors including Intelligent Transportation Systems, Cybersecurity, Telecoms and IT.

Dutch Innovation Park

Dutch Innovation Park

Dutch Innovation Park in Zoetermeer is a breeding ground for applied IT solutions in the field of cyber security, e-health, smart mobility and big data.

Raqmiyat

Raqmiyat

Raqmiyat provides end-to-end IT Services and business solutions including consultancy, digital transformation, infrastructure and cybersecurity.

StartupXseed Ventures

StartupXseed Ventures

StartupXseed Ventures is a smart capital provider for Deep Tech, B2B, Early Stage Startups. We support, NextGen Tech Entrepreneurs, who have potential to deliver the outsized growth.

CybrHawk

CybrHawk

CybrHawk is a leading provider of information security-driven risk intelligence solutions focused solely on protecting clients from cyber-attacks.

ConnectSecure

ConnectSecure

ConnectSecure (formerly CyberCNS) is a global cybersecurity company that delivers tools to identify and address vulnerabilities and manage compliance requirements.

Cyber Defense Technologies (CDT)

Cyber Defense Technologies (CDT)

Cyber Defense Technologies provides services and turn-key solutions to secure and maintain the integrity of your organization’s systems and data against attacks.

Celera Networks

Celera Networks

Celera Networks is a managed services provider specializing in cybersecurity, cloud and managed IT services.

SafePaas

SafePaas

SafePaas is a leading Enterprise Risk Management Platform. One source of truth for all your Audit, Risk, and Compliance requirements. Complete governance across your systems.

HCS

HCS

HCS is an IT Company and Telecoms provider with an experienced team who are dedicated to ensuring our clients business systems are protected.

Reken

Reken

Reken are building a new type of AI platform and products to protect against generative AI threats.

Nova Microsystems

Nova Microsystems

Nova's mission is to revolutionize cybersecurity through continuous data analysis and dynamic AI-driven encryption.